Requesting a check

#1 Post by raky2702 »

Hello, my PC seems slow to me. Even CCleaner did not help.

Here is the log:


Logfile of random's system information tool 1.08 (written by random/random)
Run by mato at 2011-03-27 09:51:39
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 18 GB (6%) free of 305 GB
Total RAM: 3071 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:46, on 27. 3. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Users\mato\Desktop\RSIT.exe
C:\Program Files\trend micro\mato.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files\mobilewitch\tbmobi.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\PC Translator 2010\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Users\mato\AppData\Local\GamePlayLabs Plugin\BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files\mobilewitch\tbmobi.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator 2010\WebIE.dll
O3 - Toolbar: mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files\mobilewitch\tbmobi.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator 2010\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\PC Translator 2010\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\PC Translator 2010\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator 2010\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator 2010\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator 2010\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator 2010\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator 2010\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator 2010\WebIE.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 8800 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Program Files\PC Translator 2010\WebIE.dll [2010-08-31 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-06-24 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class - C:\Users\mato\AppData\Local\GamePlayLabs Plugin\BHO.dll [2011-03-08 432640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
mobilewitch Toolbar - C:\Program Files\mobilewitch\tbmobi.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Program Files\PC Translator 2010\WebIE.dll [2010-08-31 503808]
{fcbf663e-8530-46f8-a880-ac5abe9d2b23} - mobilewitch Toolbar - C:\Program Files\mobilewitch\tbmobi.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-07-09 229888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe [2010-06-10 1092896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-01-31 703360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2011-01-26 15026056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2011-02-20 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-24 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinClicker.exe]
C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe [2007-05-11 1150976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\mato\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-03-24 23:42:08 ----D---- C:\Users\mato\AppData\Roaming\Doodle_Jump_PC
2011-03-24 22:57:40 ----D---- C:\Program Files\Microsoft XNA
2011-03-22 22:24:00 ----A---- C:\Windows\system32\sbeio.dll
2011-03-22 22:24:00 ----A---- C:\Windows\system32\sbe.dll
2011-03-22 22:24:00 ----A---- C:\Windows\system32\EncDec.dll
2011-03-22 22:23:38 ----A---- C:\Windows\system32\mstscax.dll
2011-03-22 22:23:38 ----A---- C:\Windows\system32\mstsc.exe
2011-03-19 11:10:18 ----A---- C:\Windows\system32\DreamScene.dll
2011-03-13 20:54:07 ----D---- C:\Program Files\1C
2011-03-11 22:24:27 ----D---- C:\Program Files\NCSoft
2011-03-10 17:00:42 ----D---- C:\Users\mato\AppData\Roaming\VirtuaWin
2011-03-10 17:00:38 ----D---- C:\Program Files\VirtuaWin
2011-03-08 18:34:43 ----D---- C:\Windows\system32\xlive
2011-03-08 18:34:42 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-03-05 09:09:48 ----D---- C:\Program Files\Atari
2011-03-02 22:30:25 ----D---- C:\Windows\sk
2011-03-02 22:25:37 ----A---- C:\Windows\system32\webservices.dll
2011-03-02 22:24:05 ----D---- C:\Windows\system32\WindowsPowerShell
2011-03-02 22:21:59 ----A---- C:\Windows\system32\winrsmgr.dll
2011-03-02 22:21:47 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-03-02 22:21:46 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-03-02 22:21:46 ----A---- C:\Windows\system32\winrssrv.dll
2011-03-02 22:21:46 ----A---- C:\Windows\system32\winrshost.exe
2011-03-02 22:21:46 ----A---- C:\Windows\system32\winrs.exe
2011-03-02 22:21:45 ----A---- C:\Windows\system32\WsmRes.dll
2011-03-02 22:21:45 ----A---- C:\Windows\system32\wevtfwd.dll
2011-03-02 22:21:45 ----A---- C:\Windows\system32\wecutil.exe
2011-03-02 22:21:45 ----A---- C:\Windows\system32\wecsvc.dll
2011-03-02 22:21:45 ----A---- C:\Windows\system32\wecapi.dll
2011-03-02 22:21:45 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-03-02 22:21:40 ----A---- C:\Windows\system32\winrm.vbs
2011-03-02 22:21:39 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-03-02 22:21:39 ----A---- C:\Windows\system32\WsmSvc.dll
2011-03-02 22:21:39 ----A---- C:\Windows\system32\WsmAuto.dll
2011-03-02 22:21:39 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-03-02 22:21:39 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-03-02 22:21:39 ----A---- C:\Windows\system32\winrscmd.dll
2011-03-02 22:19:01 ----A---- C:\Windows\system32\shsvcs.dll
2011-03-01 22:46:38 ----A---- C:\Windows\system32\OpenCL.dll
2011-03-01 22:46:38 ----A---- C:\Windows\system32\nvwgf2um.dll
2011-03-01 22:46:38 ----A---- C:\Windows\system32\nvoglv32.dll
2011-03-01 22:46:38 ----A---- C:\Windows\system32\nvgenco322040.dll
2011-03-01 22:46:38 ----A---- C:\Windows\system32\nvdispco322090.dll
2011-03-01 22:46:38 ----A---- C:\Windows\system32\nvcuvid.dll
2011-03-01 22:46:38 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-03-01 22:46:37 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-03-01 22:46:37 ----A---- C:\Windows\system32\nvcuda.dll
2011-03-01 22:46:36 ----A---- C:\Windows\system32\nvcompiler.dll
2011-02-28 20:35:06 ----D---- C:\Users\mato\AppData\Roaming\ProgSense
2011-02-28 20:35:02 ----D---- C:\Users\mato\AppData\Roaming\GrabPro
2011-02-28 20:35:02 ----D---- C:\downloads
2011-02-28 20:34:59 ----D---- C:\Users\mato\AppData\Roaming\Orbit

======List of files/folders modified in the last 1 months======

2011-03-27 09:51:40 ----D---- C:\Program Files\trend micro
2011-03-27 09:51:37 ----D---- C:\Windows\temp
2011-03-27 09:49:49 ----D---- C:\Windows\Debug
2011-03-27 09:49:49 ----D---- C:\Windows
2011-03-27 09:47:10 ----D---- C:\Windows\System32
2011-03-27 09:47:10 ----D---- C:\Windows\inf
2011-03-27 09:47:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-03-27 09:39:37 ----D---- C:\ProgramData\NVIDIA
2011-03-27 09:39:36 ----A---- C:\Windows\system32\bscs.ini
2011-03-27 09:39:07 ----RD---- C:\Program Files
2011-03-27 09:39:07 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-27 09:39:07 ----D---- C:\Program Files\Common Files
2011-03-27 09:37:18 ----D---- C:\Users\mato\AppData\Roaming\Skype
2011-03-27 09:37:15 ----D---- C:\Users\mato\AppData\Roaming\uTorrent
2011-03-27 09:35:41 ----AD---- C:\ProgramData\TEMP
2011-03-27 09:35:38 ----D---- C:\ProgramData
2011-03-27 09:35:37 ----D---- C:\Windows\system32\drivers
2011-03-27 09:34:32 ----D---- C:\Program Files\MagicISO
2011-03-27 09:33:52 ----D---- C:\Program Files\Remote Professional
2011-03-27 09:33:27 ----D---- C:\PacSteamT
2011-03-27 09:32:58 ----D---- C:\hry
2011-03-27 09:29:40 ----SHD---- C:\Windows\Installer
2011-03-27 09:29:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-03-27 09:29:31 ----SHD---- C:\System Volume Information
2011-03-27 09:28:53 ----D---- C:\Windows\system32\Tasks
2011-03-27 09:28:35 ----D---- C:\Program Files\Mobile Witch Remote Control
2011-03-27 09:18:41 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2011-03-27 09:16:46 ----A---- C:\Windows\system32\LOCALDEVICE.INI
2011-03-27 09:16:31 ----D---- C:\Users\mato\AppData\Roaming\skypePM
2011-03-26 22:06:38 ----D---- C:\Windows\Prefetch
2011-03-25 21:45:38 ----D---- C:\Windows\system32\catroot2
2011-03-25 10:27:15 ----D---- C:\Program Files\JDownloader
2011-03-24 22:57:48 ----RSD---- C:\Windows\assembly
2011-03-24 22:57:41 ----D---- C:\Program Files\Common Files\microsoft shared
2011-03-22 22:42:18 ----D---- C:\Windows\winsxs
2011-03-22 22:25:32 ----A---- C:\Windows\system32\mrt.exe
2011-03-22 22:25:29 ----D---- C:\Windows\system32\catroot
2011-03-19 22:43:23 ----A---- C:\Windows\system32\REMOTEDEVICE.INI
2011-03-19 11:10:18 ----D---- C:\Windows\Web
2011-03-19 11:10:18 ----D---- C:\Windows\system32\en-US
2011-03-17 22:05:40 ----D---- C:\Users\mato\AppData\Roaming\vlc
2011-03-16 17:08:24 ----D---- C:\Program Files\Defraggler
2011-03-15 18:41:21 ----D---- C:\Program Files\Mozilla Firefox
2011-03-13 23:35:07 ----A---- C:\Windows\NeroDigital.ini
2011-03-13 18:07:19 ----D---- C:\Program Files\Electronic Arts
2011-03-13 08:15:22 ----D---- C:\Program Files\Zrychlenie PC
2011-03-13 08:12:40 ----D---- C:\Program Files\GTASAConsole
2011-03-11 22:23:37 ----D---- C:\Users\mato\AppData\Roaming\GetRightToGo
2011-03-10 16:40:31 ----D---- C:\Program Files\Static Windows Mail Backup Free
2011-03-08 18:44:43 ----D---- C:\ProgramData\Synetic
2011-03-04 20:29:06 ----D---- C:\Users\mato\AppData\Roaming\Nokia
2011-03-03 08:11:08 ----D---- C:\Windows\rescache
2011-03-03 07:54:01 ----D---- C:\Program Files\Microsoft Silverlight
2011-03-02 23:44:07 ----D---- C:\Windows\system32\sk-SK
2011-03-02 22:44:41 ----D---- C:\Windows\Microsoft.NET
2011-03-02 22:30:33 ----D---- C:\Program Files\Microsoft
2011-03-02 22:29:23 ----D---- C:\Program Files\Windows Live
2011-03-02 22:28:19 ----SD---- C:\ProgramData\Microsoft
2011-03-02 22:28:16 ----RSD---- C:\Windows\Fonts
2011-03-02 22:24:14 ----D---- C:\Windows\PolicyDefinitions
2011-03-01 22:37:19 ----D---- C:\ProgramData\IObit
2011-03-01 22:37:18 ----D---- C:\Program Files\IObit
2011-02-28 20:22:19 ----D---- C:\Program Files\Common Files\Steam
2011-02-28 20:22:17 ----D---- C:\Program Files\Steam

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2008-01-21 21512]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 59000]
R0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-17 691696]
R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys [2006-09-14 76160]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-04-13 165376]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-13 18048]
R2 PARLDR2K;ParLdr2k; \??\C:\Windows\system32\drivers\parldr2k.sys [2010-12-27 10454]
R3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2010-05-26 74752]
R3 bbcap;bbcap; C:\Windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2008-01-21 14600]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2008-03-06 38920]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-12-29 25280]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2008-01-21 26248]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 10467656]
R3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 prmvmouse;Promethean HID Mouse Service; C:\Windows\system32\DRIVERS\activmouse.sys [2010-05-26 6144]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-07-22 123904]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2008-01-21 29960]
R3 vsbus;Virtual Serial Bus Enumerator; C:\Windows\system32\DRIVERS\vsb.sys [2008-07-24 15264]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2008-03-06 33800]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2008-03-06 27528]
S3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys []
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; C:\Windows\System32\Drivers\btcombus.sys []
S3 BthAudioHF;BthAudioHF Service; C:\Windows\system32\DRIVERS\BthAudioHF.sys [2010-02-05 48024]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-11-22 22416]
S3 cpuz132;cpuz132; \??\C:\Users\mato\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
S3 csr_a2dp;Bluetooth AV Profile; C:\Windows\system32\drivers\bthav.sys [2010-02-05 66952]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys [2009-08-22 9088]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2008-01-21 14856]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\Windows\System32\DRIVERS\vserial.sys [2008-07-24 47744]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\mato\Desktop\RealTemp_360\WinRing0.sys []
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 31816]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-07-09 775168]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 143467]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-17 143872]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2011-01-18 512000]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-03-11 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-06-04 69735]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
S2 HFGService;Handsfree Headset Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-02-28 407336]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-03-11 360192]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Requesting a check

#2 Post by Roli »

Hello, go to Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the service:

Google Update Service

NMIndexingService

Right-click it, choose Properties, and on the next tab first stop the service with the Stop button, then set Startup type to Disabled.

Then use Mbam from my signature and post its log here; do not delete anything beforehand!!!
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

raky2702
Visitor
Posts: 75
Registered: 01 Feb 2010 11:36

Re: Requesting a check

#3 Post by raky2702 »

Both Google Update Service and NMIndexingService were already stopped, so I just disabled them (set Startup type to Disabled).
Mbam will follow in a moment...

// Mbam :

[Image]

Sorry about the size of the image :oops:

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Requesting a check

#4 Post by Roli »

Let Mbam delete what it found.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

A window with the license terms then appears, which you confirm by clicking YES,

then click YES once more and it starts running.

The whole run takes about 10 minutes but can take longer; do not try to launch anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because Combofix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

raky2702
Visitor
Posts: 75
Registered: 01 Feb 2010 11:36

Re: Requesting a check

#5 Post by raky2702 »

Here is the log:


ComboFix 11-03-26.02 - mato . 03. 2011 17:52:48.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3071.2169 [GMT 2:00]
Running from: c:\users\mato\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mato\AppData\Local\GamePlayLabs Plugin\BHO.dll
c:\users\mato\MediaPluginSetup.exe
c:\users\mato\Soul-Aion_Launcher_Installer.exe
c:\users\mato\TunaticSetup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-27 15:45 . 2011-03-27 15:45 -------- d-----w- C:\32788R22FWJFW
2011-03-26 21:26 . 2011-03-26 21:26 -------- d-----w- c:\users\mato\CellPhoneSoft RAMblow Pro v1.31(0) S60v3 S60v5 S^3 SymbianOS9.x Full UNSigned by MOJTABA@POPDA
2011-03-25 19:54 . 2011-03-25 19:54 -------- d-----w- c:\users\mato\Pr__beh_Ulice_-_The_Soundtrack__B_U_G_Y_
2011-03-25 19:43 . 2011-03-25 19:43 -------- d-----w- c:\users\mato\Rayman.Raving.Rabbids.2.by.TheTrooper.of.PowerUploaders
2011-03-24 21:43 . 2011-03-24 21:43 -------- d-----w- c:\users\mato\AppData\Local\#N
2011-03-24 21:42 . 2011-03-24 21:43 -------- d-----w- c:\users\mato\AppData\Roaming\Doodle_Jump_PC
2011-03-24 20:57 . 2011-03-24 20:57 -------- d-----w- c:\program files\Microsoft XNA
2011-03-24 20:56 . 2011-03-24 20:56 47464 ----a-w- c:\program files\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll
2011-03-24 20:56 . 2011-03-24 20:56 2258776 ----a-w- c:\program files\Common Files\Microsoft Shared\XNA\Framework\v3.1\XnaNative.dll
2011-03-24 20:56 . 2011-03-24 20:56 17240 ----a-w- c:\program files\Common Files\Microsoft Shared\XNA\Framework\Shared\XnaVisualizerPS.dll
2011-03-24 20:56 . 2011-03-24 20:56 -------- d-----w- c:\users\mato\doodle-gguuggoo
2011-03-24 18:08 . 2011-03-24 18:08 -------- d-----w- c:\users\mato\Naruto Shippuden-204 cz sub od hokage.cz
2011-03-22 20:24 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-22 20:24 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-22 20:24 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-22 20:24 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-22 20:23 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-22 20:23 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-21 19:15 . 2011-03-21 19:15 -------- d-----w- c:\users\mato\mute-camera
2011-03-20 21:26 . 2011-03-20 21:26 -------- d-----w- c:\users\mato\eminem-still-shady_by_blna_of_poweruploaders
2011-03-20 18:58 . 2011-03-27 16:00 -------- d-----w- c:\users\mato\AppData\Local\GamePlayLabs Plugin
2011-03-19 09:10 . 2008-03-18 17:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2011-03-18 20:38 . 2011-03-18 20:38 -------- d-----w- c:\users\mato\C6 Unleashed Tribute Edition_RM-504_Fixed
2011-03-17 20:00 . 2011-03-17 20:00 -------- d-----w- c:\users\mato\Naruto Shippuden 203-Cz sub od Hokage.cz
2011-03-16 19:43 . 2011-03-16 19:44 26329767 ----a-w- c:\users\mato\Counter_Strike_Source_www.planetcss.com_4426_PATCH_31.exe
2011-03-13 18:54 . 2011-03-13 18:54 -------- d-----w- c:\program files\1C
2011-03-11 20:24 . 2011-03-11 20:24 -------- d-----w- c:\users\mato\AppData\Local\assembly
2011-03-11 20:24 . 2011-03-11 20:24 -------- d-----w- c:\program files\NCSoft
2011-03-11 20:23 . 2011-03-11 20:23 -------- d-----w- c:\users\mato\Aion
2011-03-10 15:00 . 2011-03-10 15:00 -------- d-----w- c:\users\mato\AppData\Roaming\VirtuaWin
2011-03-10 15:00 . 2011-03-27 07:31 -------- d-----w- c:\program files\VirtuaWin
2011-03-10 15:00 . 2011-03-10 15:00 422745 ----a-w- c:\users\mato\VirtuaWin_setup_4.3.exe
2011-03-08 16:34 . 2011-03-08 16:34 -------- d-----w- c:\windows\system32\xlive
2011-03-08 16:34 . 2011-03-22 20:25 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-03-05 16:59 . 2011-03-05 16:59 -------- d-----w- c:\users\mato\AppData\Local\CrashRpt
2011-03-05 07:09 . 2011-03-05 07:09 -------- d-----w- c:\program files\Atari
2011-03-03 20:38 . 2011-03-03 20:38 -------- d-----w- c:\users\mato\[HorribleSubs] Naruto Shippuuden - 201 [480p]
2011-03-03 15:29 . 2011-03-03 15:29 -------- d-----w- c:\users\mato\title_update_7_EN
2011-03-02 20:30 . 2011-03-02 20:30 -------- d-----w- c:\windows\sk
2011-03-02 20:26 . 2011-03-02 20:26 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\16361e4a1cbd91808\DSETUP.dll
2011-03-02 20:26 . 2011-03-02 20:26 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\16361e4a1cbd91808\DXSETUP.exe
2011-03-02 20:26 . 2011-03-02 20:26 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\16361e4a1cbd91808\dsetup32.dll
2011-03-02 20:26 . 2011-03-02 20:26 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\14ddec6c1cbd91807\DSETUP.dll
2011-03-02 20:26 . 2011-03-02 20:26 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\14ddec6c1cbd91807\DXSETUP.exe
2011-03-02 20:26 . 2011-03-02 20:26 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\14ddec6c1cbd91807\dsetup32.dll
2011-03-02 20:25 . 2011-03-02 20:25 -------- d-----w- c:\users\mato\AppData\Local\Windows Live
2011-03-02 20:25 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-01 20:46 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-03-01 20:46 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-03-01 20:46 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-01 20:46 . 2011-01-08 03:27 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-03-01 20:46 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-03-01 20:46 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-03-01 20:46 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-03-01 20:46 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-03-01 20:46 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-03-01 20:46 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-28 18:35 . 2011-02-28 18:35 -------- d-----w- c:\users\mato\AppData\Roaming\ProgSense
2011-02-28 18:35 . 2011-03-02 18:20 -------- d-----w- C:\downloads
2011-02-28 18:35 . 2011-02-28 18:35 -------- d-----w- c:\users\mato\AppData\Roaming\GrabPro
2011-02-28 18:34 . 2011-03-02 18:21 -------- d-----w- c:\users\mato\AppData\Roaming\Orbit
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 18:23 . 2010-03-17 19:44 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-20 16:37 . 2011-02-11 18:26 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-11 18:26 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-11 18:26 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-11 18:26 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-11 18:26 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-11 18:26 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-11 18:26 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-11 18:26 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-11 18:26 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-11 18:26 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-11 18:26 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-11 18:26 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04 . 2011-02-11 18:26 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28 . 2011-02-11 18:26 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-11 18:26 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-11 18:26 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-11 18:26 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-11 18:26 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-11 18:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-11 18:26 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-11 18:26 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-11 18:26 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-11 18:26 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-11 18:26 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-11 18:26 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-11 18:26 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-11 18:26 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-11 18:26 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-11 18:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-11 18:17 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 03:27 . 2011-03-01 20:46 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-04-03 20:55 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-03-02 06:34 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-31 13:57 . 2011-02-11 18:18 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-29 21:03 . 2010-12-29 21:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-12-28 15:55 . 2011-01-14 14:35 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-27 20:46 . 2010-12-27 20:46 10454 ----a-w- c:\windows\system32\drivers\parldr2k.sys
2007-11-07 01:19 . 2011-03-27 07:26 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2011-03-27 07:26 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fcbf663e-8530-46f8-a880-ac5abe9d2b23}"= "c:\program files\mobilewitch\tbmobi.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
2010-03-17 14:45 2355224 ----a-w- c:\program files\mobilewitch\tbmobi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fcbf663e-8530-46f8-a880-ac5abe9d2b23}"= "c:\program files\mobilewitch\tbmobi.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}"= "c:\program files\mobilewitch\tbmobi.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-07-09 229888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2010-06-10 13:54 1092896 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 15:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-02 06:23 135664 ----atw- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-01-31 11:16 703360 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-02-20 19:29 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-24 14:32 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinClicker.exe]
2007-05-11 10:25 1150976 ----a-w- c:\program files\Salling Software AB\Salling Clicker\WinClicker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus SX400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "c:\users\mato\AppData\Local\Temp\E_SCAC7.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2010-02-05 48024]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2010-02-05 66952]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\mato\Desktop\RealTemp_360\WinRing0.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2008-01-21 21512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-17 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2006-09-13 76160]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 143467]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 PARLDR2K;PARLDR2K;c:\windows\system32\drivers\parldr2k.sys [2010-12-27 10454]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2010-05-26 74752]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-01-21 26248]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2010-05-26 6144]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GUPDATE
*NewlyCreated* - NMINDEXINGSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthaudiosvc REG_MULTI_SZ HFGService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
2011-03-27 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-23 13:10]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\PC Translator 2010\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\program files\PC Translator 2010\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator 2010\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\PC Translator 2010\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\PC Translator 2010\WebIE.dll
FF - ProfilePath - c:\users\mato\AppData\Roaming\Mozilla\Firefox\Profiles\o0nu3p77.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MobileWitch
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - %profile%\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Start WingMan Profiler - c:\program files\Logitech\Gaming Software\LWEMon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 18:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-190942252-359916794-3278992379-1000\Software\SecuROM\License information*]
"datasecu"=hex:c2,29,ff,c9,bf,8e,92,87,b7,41,22,b2,f3,b0,41,56,52,a4,88,ec,d6,
1d,37,a2,f8,e4,bc,a0,e9,28,c8,fd,a9,09,6f,72,0f,d8,3d,41,9f,6a,5c,6c,c3,54,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0024\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0025\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0026\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0027\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0028\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0029\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0030\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0031\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0032\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0033\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-27 18:03:00
ComboFix-quarantined-files.txt 2011-03-27 16:02
.
Pre-Run: 19 541 409 792 bytes free
Post-Run: 19 288 051 712 bytes free
.
- - End Of File - - BD8C267F3D96AD324C33EA3DCBCF0C2B

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Requesting a check

#6 Post by Roli »

If you have not done so already, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

FireFox::  
FF - ProfilePath - c:\users\mato\AppData\Roaming\Mozilla\Firefox\Profiles\o0nu3p77.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1605787&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0024\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0025\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0026\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0027\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0028\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0029\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0030\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0031\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0032\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0033\AllUserSettings]

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it.

Once it has been applied, another log will pop up; copy it here

Warning: it may happen that after the script is applied and the machine restarts, Windows will not boot,

in that case restart again while pressing F8, then choose Last Known Good Configuration

| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

raky2702
Visitor
Posts: 75
Registered: 01 Feb 2010 11:36

Re: Requesting a check

#7 Post by raky2702 »

Log:

ComboFix 11-03-26.02 - mato . 03. 2011 18:33:16.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3071.2196 [GMT 2:00]
Running from: c:\users\mato\Desktop\ComboFix.exe
Command switches used :: c:\users\mato\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-27 16:40 . 2011-03-27 16:40 -------- d-----w- c:\users\mato\AppData\Local\temp
2011-03-27 16:40 . 2011-03-27 16:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-27 16:40 . 2011-03-27 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-26 21:26 . 2011-03-26 21:26 -------- d-----w- c:\users\mato\CellPhoneSoft RAMblow Pro v1.31(0) S60v3 S60v5 S^3 SymbianOS9.x Full UNSigned by MOJTABA@POPDA
2011-03-25 19:54 . 2011-03-25 19:54 -------- d-----w- c:\users\mato\Pr__beh_Ulice_-_The_Soundtrack__B_U_G_Y_
2011-03-25 19:43 . 2011-03-25 19:43 -------- d-----w- c:\users\mato\Rayman.Raving.Rabbids.2.by.TheTrooper.of.PowerUploaders
2011-03-24 21:43 . 2011-03-24 21:43 -------- d-----w- c:\users\mato\AppData\Local\#N
2011-03-24 21:42 . 2011-03-24 21:43 -------- d-----w- c:\users\mato\AppData\Roaming\Doodle_Jump_PC
2011-03-24 20:57 . 2011-03-24 20:57 -------- d-----w- c:\program files\Microsoft XNA
2011-03-24 20:56 . 2011-03-24 20:56 47464 ----a-w- c:\program files\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll
2011-03-24 20:56 . 2011-03-24 20:56 2258776 ----a-w- c:\program files\Common Files\Microsoft Shared\XNA\Framework\v3.1\XnaNative.dll
2011-03-24 20:56 . 2011-03-24 20:56 17240 ----a-w- c:\program files\Common Files\Microsoft Shared\XNA\Framework\Shared\XnaVisualizerPS.dll
2011-03-24 20:56 . 2011-03-24 20:56 -------- d-----w- c:\users\mato\doodle-gguuggoo
2011-03-24 18:08 . 2011-03-24 18:08 -------- d-----w- c:\users\mato\Naruto Shippuden-204 cz sub od hokage.cz
2011-03-22 20:24 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-22 20:24 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-22 20:24 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-22 20:24 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-22 20:23 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-22 20:23 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-21 19:15 . 2011-03-21 19:15 -------- d-----w- c:\users\mato\mute-camera
2011-03-20 21:26 . 2011-03-20 21:26 -------- d-----w- c:\users\mato\eminem-still-shady_by_blna_of_poweruploaders
2011-03-20 18:58 . 2011-03-27 16:00 -------- d-----w- c:\users\mato\AppData\Local\GamePlayLabs Plugin
2011-03-19 09:10 . 2008-03-18 17:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2011-03-18 20:38 . 2011-03-18 20:38 -------- d-----w- c:\users\mato\C6 Unleashed Tribute Edition_RM-504_Fixed
2011-03-17 20:00 . 2011-03-17 20:00 -------- d-----w- c:\users\mato\Naruto Shippuden 203-Cz sub od Hokage.cz
2011-03-16 19:43 . 2011-03-16 19:44 26329767 ----a-w- c:\users\mato\Counter_Strike_Source_www.planetcss.com_4426_PATCH_31.exe
2011-03-13 18:54 . 2011-03-13 18:54 -------- d-----w- c:\program files\1C
2011-03-11 20:24 . 2011-03-11 20:24 -------- d-----w- c:\users\mato\AppData\Local\assembly
2011-03-11 20:24 . 2011-03-11 20:24 -------- d-----w- c:\program files\NCSoft
2011-03-11 20:23 . 2011-03-11 20:23 -------- d-----w- c:\users\mato\Aion
2011-03-10 15:00 . 2011-03-10 15:00 -------- d-----w- c:\users\mato\AppData\Roaming\VirtuaWin
2011-03-10 15:00 . 2011-03-27 07:31 -------- d-----w- c:\program files\VirtuaWin
2011-03-10 15:00 . 2011-03-10 15:00 422745 ----a-w- c:\users\mato\VirtuaWin_setup_4.3.exe
2011-03-08 16:34 . 2011-03-08 16:34 -------- d-----w- c:\windows\system32\xlive
2011-03-08 16:34 . 2011-03-22 20:25 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-03-05 16:59 . 2011-03-05 16:59 -------- d-----w- c:\users\mato\AppData\Local\CrashRpt
2011-03-05 07:09 . 2011-03-05 07:09 -------- d-----w- c:\program files\Atari
2011-03-03 20:38 . 2011-03-03 20:38 -------- d-----w- c:\users\mato\[HorribleSubs] Naruto Shippuuden - 201 [480p]
2011-03-03 15:29 . 2011-03-03 15:29 -------- d-----w- c:\users\mato\title_update_7_EN
2011-03-02 20:30 . 2011-03-02 20:30 -------- d-----w- c:\windows\sk
2011-03-02 20:26 . 2011-03-02 20:26 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\16361e4a1cbd91808\DSETUP.dll
2011-03-02 20:26 . 2011-03-02 20:26 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\16361e4a1cbd91808\DXSETUP.exe
2011-03-02 20:26 . 2011-03-02 20:26 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\16361e4a1cbd91808\dsetup32.dll
2011-03-02 20:26 . 2011-03-02 20:26 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\14ddec6c1cbd91807\DSETUP.dll
2011-03-02 20:26 . 2011-03-02 20:26 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\14ddec6c1cbd91807\DXSETUP.exe
2011-03-02 20:26 . 2011-03-02 20:26 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\14ddec6c1cbd91807\dsetup32.dll
2011-03-02 20:25 . 2011-03-02 20:25 -------- d-----w- c:\users\mato\AppData\Local\Windows Live
2011-03-02 20:25 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-01 20:46 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-03-01 20:46 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-03-01 20:46 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-01 20:46 . 2011-01-08 03:27 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-03-01 20:46 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-03-01 20:46 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-03-01 20:46 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-03-01 20:46 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-03-01 20:46 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-03-01 20:46 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-28 18:35 . 2011-02-28 18:35 -------- d-----w- c:\users\mato\AppData\Roaming\ProgSense
2011-02-28 18:35 . 2011-03-02 18:20 -------- d-----w- C:\downloads
2011-02-28 18:35 . 2011-02-28 18:35 -------- d-----w- c:\users\mato\AppData\Roaming\GrabPro
2011-02-28 18:34 . 2011-03-02 18:21 -------- d-----w- c:\users\mato\AppData\Roaming\Orbit
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 18:23 . 2010-03-17 19:44 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-20 16:37 . 2011-02-11 18:26 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-11 18:26 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-11 18:26 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-11 18:26 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-11 18:26 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-11 18:26 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-11 18:26 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-11 18:26 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-11 18:26 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-11 18:26 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-11 18:26 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-11 18:26 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04 . 2011-02-11 18:26 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28 . 2011-02-11 18:26 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-11 18:26 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-11 18:26 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-11 18:26 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-11 18:26 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-11 18:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-11 18:26 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-11 18:26 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-11 18:26 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-11 18:26 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-11 18:26 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-11 18:26 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-11 18:26 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-11 18:26 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-11 18:26 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-11 18:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-11 18:17 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 03:27 . 2011-03-01 20:46 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-04-03 20:55 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-03-02 06:34 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-31 13:57 . 2011-02-11 18:18 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-29 21:03 . 2010-12-29 21:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-12-28 15:55 . 2011-01-14 14:35 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-27 20:46 . 2010-12-27 20:46 10454 ----a-w- c:\windows\system32\drivers\parldr2k.sys
2007-11-07 01:19 . 2011-03-27 07:26 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2011-03-27 07:26 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fcbf663e-8530-46f8-a880-ac5abe9d2b23}"= "c:\program files\mobilewitch\tbmobi.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
2010-03-17 14:45 2355224 ----a-w- c:\program files\mobilewitch\tbmobi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fcbf663e-8530-46f8-a880-ac5abe9d2b23}"= "c:\program files\mobilewitch\tbmobi.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}"= "c:\program files\mobilewitch\tbmobi.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-07-09 229888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2010-06-10 13:54 1092896 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 15:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-02 06:23 135664 ----atw- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-01-31 11:16 703360 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-02-20 19:29 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-24 14:32 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinClicker.exe]
2007-05-11 10:25 1150976 ----a-w- c:\program files\Salling Software AB\Salling Clicker\WinClicker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus SX400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "c:\users\mato\AppData\Local\Temp\E_SCAC7.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2010-02-05 48024]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2010-02-05 66952]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\mato\Desktop\RealTemp_360\WinRing0.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2008-01-21 21512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-17 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2006-09-13 76160]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 143467]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 PARLDR2K;PARLDR2K;c:\windows\system32\drivers\parldr2k.sys [2010-12-27 10454]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2010-05-26 74752]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-01-21 26248]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2010-05-26 6144]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthaudiosvc REG_MULTI_SZ HFGService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
2011-03-27 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-23 13:10]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\PC Translator 2010\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\program files\PC Translator 2010\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator 2010\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\PC Translator 2010\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\PC Translator 2010\WebIE.dll
FF - ProfilePath - c:\users\mato\AppData\Roaming\Mozilla\Firefox\Profiles\o0nu3p77.default\
FF - prefs.js: browser.search.selectedEngine - MobileWitch
FF - prefs.js: browser.startup.homepage - google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - %profile%\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 18:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-190942252-359916794-3278992379-1000\Software\SecuROM\License information*]
"datasecu"=hex:c2,29,ff,c9,bf,8e,92,87,b7,41,22,b2,f3,b0,41,56,52,a4,88,ec,d6,
1d,37,a2,f8,e4,bc,a0,e9,28,c8,fd,a9,09,6f,72,0f,d8,3d,41,9f,6a,5c,6c,c3,54,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4584)
c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
Completion time: 2011-03-27 18:42:10
ComboFix-quarantined-files.txt 2011-03-27 16:42
ComboFix2.txt 2011-03-27 16:03
.
Pre-Run: 19 199 594 496 bytes free
Post-Run: 19 058 499 584 bytes free
.
- - End Of File - - AB8578EE907D8E5DD5DD2AA8DACB1F4C

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Requesting a check

#8 Post by Roli »

Via Start >> Run, copy the following into the box:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes the files and folders associated with it.


Then let me know how the PC is doing.

raky2702
Visitor
Posts: 75
Registered: 01 Feb 2010 11:36

Re: Requesting a check

#9 Post by raky2702 »

Well, I think the PC is faster and more responsive. So thank you for the help.

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Requesting a check

#10 Post by Roli »

You're welcome.