facebook problem vir

Zpráva

ricv · #1 Příspěvek od **ricv** » 03 srp 2011 21:12

byl sem asi nekde mimo ale stahl sem taky ten vir tady je log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by datart at 2011-08-03 21:48:05
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 439 GB (75%) free of 588 GB
Total RAM: 4030 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:48:07, on 3.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\update.tray-3-0\svchost.exe
C:\Windows\systemup.exe
C:\Windows\l1rezerv.exe
C:\Windows\update.3\svchost.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\datart.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [6724090.exe] "C:\Users\datart\AppData\Local\Temp\6724090.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [627769.exe] "C:\Windows\Temp\627769.exe"
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [11251394-loader2.exe] "C:\Users\datart\AppData\Local\Temp\11251394-loader2.exe"
O4 - HKLM\..\Run: [99134040-loader2.exe] "C:\Windows\Temp\99134040-loader2.exe"
O4 - HKLM\..\Run: [w_distrib.exe] "C:\Windows\update.3\svchost.exe" stand
O4 - HKLM\..\Run: [1262872-loader2.exe] "C:\Users\datart\AppData\Local\Temp\1262872-loader2.exe"
O4 - HKLM\..\Run: [29929729-loader2.exe] "C:\Windows\Temp\29929729-loader2.exe"
O4 - HKLM\..\Run: [5901375.exe] "C:\Windows\TEMP\5901375.exe"
O4 - HKLM\..\Run: [7766875.exe] "C:\Windows\TEMP\7766875.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.53.2.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.24.0.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.26.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: S3D Service (Win32) (S3DSvc32) - iZ3D Inc. - C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: S3D Service (Win64) (S3DSvc64) - iZ3D Inc. - C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 16086 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
atieclxx
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files\DigitalPersona\Bin\DpHostW.exe"
"C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe"
"C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\update.tray-3-0\svchost.exe"
"C:\Windows\systemup.exe" stand
"C:\Windows\l1rezerv.exe"
"C:\Windows\update.3\svchost.exe" stand
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\update.1\svchost.exe srv
WLIDSvcM.exe 3984
"C:\Program Files\Motorola\Bluetooth\obexsrv.exe"
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {8ACC1C68-9C77-4DFA-8C04-09CC5404A799}
"C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe"
Steam.exe -silent
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\update.2\svchost.exe srv
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\update.5.0\svchost.exe srv
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Windows\update.5.0\svchost.exe" stand
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\sysdriver32.exe srv
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\ufa\ufa.exe -o http://127.0.0.1:49856
\??\C:\Windows\system32\conhost.exe "1773122502-1304364080-1873163030472051493-1363580841-777181084207634323-1009790548
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1132 CREDAT:79873
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1132 CREDAT:14403
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1132 CREDAT:79875
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1686840696-3354219037-825265509-100018_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1686840696-3354219037-825265509-100018 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 544 548 556 65536 552
"C:\Users\datart\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleFordatart.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-17 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-01-20 1581376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2011-08-03 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTMTrayAgent]
C:\Program Files\Motorola\Bluetooth\btmshell.dll [2010-06-10 24783624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\datart\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-06-29 602168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisorDock]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [2010-02-09 1712184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-06-18 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-07-19 421736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [2011-04-05 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-06-16 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestation]
C:\Program Files (x86)\Livestation\Livestation.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2010-01-20 611896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-24 336384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-17 2480936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray64.exe [2010-06-18 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNOD UP]
C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe [2010-04-02 1811968]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]
"wxpdrv"=C:\Windows\services32.exe [2011-07-18 1170432]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-3-0\svchost.exe [2011-07-18 1170432]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"6724090.exe"=C:\Users\datart\AppData\Local\Temp\6724090.exe [2011-07-18 232960]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-08-03 256000]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-08-03 256000]
"627769.exe"=C:\Windows\Temp\627769.exe [2011-07-18 232960]
"systemup"=C:\Windows\systemup.exe [2011-07-18 114176]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-22 232960]
"11251394-loader2.exe"=C:\Users\datart\AppData\Local\Temp\11251394-loader2.exe [2011-07-21 245760]
"99134040-loader2.exe"=C:\Windows\Temp\99134040-loader2.exe [2011-07-21 245760]
"w_distrib.exe"=C:\Windows\update.3\svchost.exe [2011-07-21 272896]
"1262872-loader2.exe"=C:\Users\datart\AppData\Local\Temp\1262872-loader2.exe [2011-07-22 249344]
"29929729-loader2.exe"=C:\Windows\Temp\29929729-loader2.exe [2011-07-22 249344]
"5901375.exe"=C:\Windows\TEMP\5901375.exe [2011-08-03 502272]
"7766875.exe"=C:\Windows\TEMP\7766875.exe [2011-08-03 256000]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-07-19 421736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DpHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-03 21:42:42 ----D---- C:\Program Files\trend micro
2011-08-03 21:42:41 ----D---- C:\rsit
2011-08-03 20:00:49 ----D---- C:\Program Files\iTunes
2011-08-03 20:00:49 ----D---- C:\Program Files\iPod
2011-08-03 19:58:00 ----D---- C:\Program Files\Bonjour
2011-08-03 19:58:00 ----D---- C:\Program Files (x86)\Bonjour
2011-08-03 19:57:56 ----SHD---- C:\Config.Msi
2011-07-22 19:38:33 ----D---- C:\Program Files (x86)\Steam
2011-07-22 14:27:23 ----D---- C:\Program Files (x86)\parts
2011-07-22 14:27:23 ----D---- C:\Program Files (x86)\backgrounds
2011-07-22 14:27:23 ----A---- C:\Program Files (x86)\readme.txt
2011-07-22 14:27:23 ----A---- C:\Program Files (x86)\MCSkinEdit.jar
2011-07-22 14:27:23 ----A---- C:\Program Files (x86)\Launch.bat
2011-07-22 12:14:49 ----D---- C:\Program Files\Codemasters
2011-07-22 11:39:27 ----A---- C:\Windows\level.ini
2011-07-22 02:46:35 ----A---- C:\Windows\system32\mshtml.dll
2011-07-22 02:46:33 ----A---- C:\Windows\system32\ieframe.dll
2011-07-22 02:46:31 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-07-22 02:46:31 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-07-22 02:46:30 ----A---- C:\Windows\system32\urlmon.dll
2011-07-22 02:46:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-07-22 02:46:29 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-07-22 02:46:29 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-07-22 02:46:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-07-22 02:46:29 ----A---- C:\Windows\system32\msfeeds.dll
2011-07-22 02:46:29 ----A---- C:\Windows\system32\iertutil.dll
2011-07-22 02:46:28 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-07-22 02:46:28 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-07-22 02:46:28 ----A---- C:\Windows\system32\wininet.dll
2011-07-22 02:46:28 ----A---- C:\Windows\system32\jsproxy.dll
2011-07-22 02:46:28 ----A---- C:\Windows\system32\ieui.dll
2011-07-21 21:14:14 ----D---- C:\Windows\Sun
2011-07-21 21:05:35 ----A---- C:\Windows\w_distrib_iplist.txt
2011-07-21 21:05:12 ----HD---- C:\Windows\update.3
2011-07-20 23:50:12 ----D---- C:\Program Files (x86)\RocketDock
2011-07-20 19:18:59 ----A---- C:\Windows\WORDPAD.INI
2011-07-19 22:55:06 ----AH---- C:\Windows\SYSWOW64\mlfcache.dat
2011-07-19 22:54:24 ----D---- C:\Program Files (x86)\Safari
2011-07-18 13:30:39 ----D---- C:\Windows\ufa
2011-07-18 13:30:39 ----D---- C:\Windows\rpcminer
2011-07-18 13:30:39 ----D---- C:\Windows\phoenix
2011-07-18 13:30:38 ----A---- C:\Windows\unrar.exe
2011-07-18 13:29:51 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-18 13:29:32 ----A---- C:\Windows\ddh_iplist.txt
2011-07-18 13:29:28 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-18 13:29:27 ----A---- C:\Windows\l1rezerv.exe
2011-07-18 13:29:24 ----A---- C:\Windows\systemup.exe
2011-07-18 13:29:13 ----HD---- C:\Windows\update.2
2011-07-18 13:29:08 ----HD---- C:\Windows\update.5.0
2011-07-18 13:29:08 ----A---- C:\Windows\sysdriver32_.exe
2011-07-18 13:29:03 ----A---- C:\Windows\iplist.txt
2011-07-18 13:28:54 ----A---- C:\Windows\sysdriver32.exe
2011-07-18 13:28:24 ----A---- C:\Windows\front_ip_list.txt
2011-07-18 13:28:22 ----D---- C:\Windows\av_ico
2011-07-18 13:27:08 ----HD---- C:\Windows\update.1
2011-07-18 13:27:06 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-07-18 13:27:06 ----HD---- C:\Windows\update.tray-3-0
2011-07-18 13:14:45 ----A---- C:\Windows\winlog-ids.txt
2011-07-18 13:14:45 ----A---- C:\Windows\winlog-dirs.txt
2011-07-18 13:14:40 ----A---- C:\Windows\services32.exe
2011-07-16 18:54:04 ----D---- C:\Program Files\Mafia
2011-07-16 15:05:55 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2011-07-15 16:21:48 ----A---- C:\Windows\system32\drivers\AmdTools64.sys
2011-07-15 16:21:47 ----D---- C:\Program Files (x86)\AMD GPU Clock Tool
2011-07-13 02:26:18 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 02:26:18 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 02:26:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 02:26:17 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 02:26:16 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 02:26:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 02:26:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 02:26:14 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 02:26:12 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 02:26:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 02:26:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 02:26:11 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 02:26:09 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 02:26:09 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 02:26:07 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 02:26:05 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 02:26:05 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 02:26:05 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 02:26:05 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 02:26:04 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 02:26:04 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 02:26:04 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 02:26:04 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 02:26:04 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 02:26:04 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 02:26:04 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 02:26:04 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 02:26:03 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-12 21:28:06 ----D---- C:\ProgramData\Synetic
2011-07-12 14:34:17 ----D---- C:\Program Files (x86)\Aspyr
2011-07-12 11:34:00 ----A---- C:\Windows\system32\jdns_sd.dll
2011-07-12 11:34:00 ----A---- C:\Windows\system32\dnssdX.dll
2011-07-12 11:34:00 ----A---- C:\Windows\system32\dns-sd.exe
2011-07-12 11:34:00 ----A---- C:\Windows\system32\dnssd.dll
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\jdns_sd.dll
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\dnssdX.dll
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\dns-sd.exe
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\dnssd.dll
2011-07-10 15:41:48 ----D---- C:\Program Files (x86)\Minecraft
2011-07-10 15:35:05 ----D---- C:\Users\datart\AppData\Roaming\.minecraft
2011-07-10 13:35:23 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2011-07-06 23:50:16 ----D---- C:\ProgramData\EA Logs
2011-07-05 14:41:56 ----D---- C:\Users\datart\AppData\Roaming\AnvSoft

======List of files/folders modified in the last 1 month======

2011-08-03 21:48:00 ----D---- C:\Windows\Temp
2011-08-03 21:47:59 ----D---- C:\Windows\Prefetch
2011-08-03 21:42:42 ----RD---- C:\Program Files
2011-08-03 20:02:06 ----SHD---- C:\Windows\Installer
2011-08-03 20:01:38 ----D---- C:\Program Files (x86)\iTunes
2011-08-03 20:01:22 ----D---- C:\Windows\system32\config
2011-08-03 19:58:00 ----D---- C:\Windows\SysWOW64
2011-08-03 19:58:00 ----D---- C:\Windows\System32
2011-08-03 19:58:00 ----D---- C:\Program Files (x86)
2011-08-03 19:53:42 ----D---- C:\Windows\inf
2011-08-03 19:53:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-03 19:50:33 ----SHD---- C:\System Volume Information
2011-08-03 19:49:12 ----D---- C:\Windows
2011-08-03 19:48:51 ----A---- C:\Windows\SYSWOW64\log.txt
2011-07-22 19:38:33 ----D---- C:\Program Files (x86)\Common Files
2011-07-22 17:33:33 ----D---- C:\Users\datart\AppData\Roaming\uTorrent
2011-07-22 12:23:20 ----D---- C:\Windows\SYSWOW64\directx
2011-07-22 12:21:50 ----HD---- C:\Windows\msdownld.tmp
2011-07-22 11:26:08 ----D---- C:\Users\datart\AppData\Roaming\CyberLink
2011-07-22 11:22:43 ----SD---- C:\ProgramData\Microsoft
2011-07-22 03:48:12 ----D---- C:\Windows\winsxs
2011-07-22 03:47:45 ----D---- C:\Windows\Minidump
2011-07-22 03:36:04 ----D---- C:\Program Files\Internet Explorer
2011-07-22 03:36:04 ----D---- C:\Program Files (x86)\Internet Explorer
2011-07-22 03:36:03 ----D---- C:\Windows\SYSWOW64\migration
2011-07-22 03:36:03 ----D---- C:\Windows\system32\migration
2011-07-22 02:46:11 ----D---- C:\Windows\system32\catroot
2011-07-22 02:46:10 ----D---- C:\Windows\system32\catroot2
2011-07-22 00:02:31 ----D---- C:\Windows\Downloaded Program Files
2011-07-22 00:02:31 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2011-07-21 02:36:11 ----D---- C:\Windows\system32\drivers\etc
2011-07-21 01:32:00 ----D---- C:\Windows\rescache
2011-07-21 00:12:51 ----D---- C:\Windows\system32\Tasks
2011-07-20 21:04:02 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-07-20 21:04:01 ----D---- C:\Windows\SYSWOW64\en-US
2011-07-20 21:03:59 ----D---- C:\Windows\system32\en-US
2011-07-20 21:03:59 ----D---- C:\Windows\system32\cs-CZ
2011-07-20 21:03:59 ----D---- C:\Windows\PolicyDefinitions
2011-07-19 23:47:55 ----D---- C:\Windows\Tasks
2011-07-19 23:11:35 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-07-19 23:10:21 ----D---- C:\Program Files (x86)\Opera
2011-07-19 22:54:51 ----D---- C:\Users\datart\AppData\Roaming\Apple Computer
2011-07-18 20:29:00 ----D---- C:\Program Files (x86)\ATITool
2011-07-18 13:47:27 ----D---- C:\Windows\system32\drivers
2011-07-18 13:47:25 ----D---- C:\Windows\system32\DriverStore
2011-07-17 10:28:36 ----D---- C:\Program Files (x86)\EA Games
2011-07-16 19:42:03 ----HD---- C:\ProgramData
2011-07-16 19:42:00 ----D---- C:\Program Files (x86)\Electronic Arts
2011-07-16 19:38:15 ----RSD---- C:\Windows\assembly
2011-07-16 15:03:13 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-07-16 15:03:07 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-07-16 15:03:06 ----A---- C:\Windows\SYSWOW64\pbsvc.exe
2011-07-16 15:00:01 ----D---- C:\Program Files (x86)\Ubisoft
2011-07-16 15:00:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-07-15 16:01:26 ----D---- C:\Users\datart\AppData\Roaming\Skype
2011-07-13 03:18:13 ----D---- C:\Windows\AppPatch
2011-07-13 03:01:18 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 03:01:09 ----D---- C:\ProgramData\Microsoft Help
2011-07-12 11:54:33 ----D---- C:\Windows\system32\wdi
2011-07-06 23:41:45 ----D---- C:\ProgramData\Ubisoft
2011-07-04 21:24:19 ----RD---- C:\Program Files (x86)\Skype
2011-07-04 21:24:16 ----D---- C:\ProgramData\Skype
2011-07-04 21:23:46 ----D---- C:\Users\datart\AppData\Roaming\skypePM
2011-07-04 11:49:49 ----D---- C:\ProgramData\Skype Extras
2011-07-04 10:32:27 ----D---- C:\Program Files (x86)\Boiling Point - Cesta do pekel

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-19 254528]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers; \??\C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-06 43704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-04-03 314016]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-04-07 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 50600]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-04-03 43680]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-05-25 9359872]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-05-25 309760]
R3 AmdTools64;AMD Special Tools Driver; C:\Windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
R3 clwvd;HP Webcam Splitter; C:\Windows\system32\DRIVERS\clwvd.sys [2010-06-24 32880]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-04-07 33608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-06-23 931168]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 SaiHA503;SaiHA503; C:\Windows\system32\DRIVERS\SaiHA503.sys [2006-07-07 325120]
R3 SaiLA503;SaiLA503; C:\Windows\system32\DRIVERS\SaiLA503.sys [2006-07-07 22016]
R3 SaiUA503;SaiUA503; C:\Windows\system32\DRIVERS\SaiUA503.sys [2006-07-07 40576]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-06-18 515584]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-12-17 1403440]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
S3 atillk64;atillk64; \??\C:\Program Files (x86)\AMD GPU Clock Tool\atillk64.sys []
S3 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool64.sys [2006-11-10 30720]
S3 AVerAF35;HP USB DVB-T TV Tuner; C:\Windows\System32\Drivers\HPAF35.sys [2009-10-19 511104]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTMCOM;Bluetooth Serial Port; C:\Windows\System32\Drivers\btmcom.sys [2010-04-09 52736]
S3 BTMMODEM;Bluetooth Modem Device; C:\Windows\system32\DRIVERS\btmcom.sys [2010-04-09 52736]
S3 BTMUSB;Motorola Bluetooth Radio Service; C:\Windows\System32\Drivers\btmusb.sys [2010-06-29 3232768]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 HPIR;HP TV Tuner Infrared Receiver; C:\Windows\system32\DRIVERS\HPIR.sys [2009-11-16 93184]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-01-12 232992]
S3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2006-07-18 53248]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-05-25 204288]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2010-04-23 445192]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2011-02-23 125496]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-29 27192]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-06-16 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-05-01 325656]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-07-16 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-07-16 107832]
R2 S3DSvc32;S3D Service (Win32); C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-25 360960]
R2 S3DSvc64;S3D Service (Win64); C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-25 480768]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-08-03 348672]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-08-03 502272]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-08-03 256000]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-06-18 258048]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-02-23 2192176]
R3 Bluetooth Device Manager;Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-19 1028096]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2011-01-25 791608]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 934760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-19 647680]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-20 1255736]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 03 srp 2011 21:17

Zdravim a pekny vecer preji

Kdyz pouzivate nelegalni zabezpeceni (ESET Smart Security), tak se nedivte - takze po ukonceni leceni tam dame free reseni, souhlas

ricv · #3 Příspěvek od **ricv** » 03 srp 2011 21:20

ok sem pro

tak jak nato ?

#4 Příspěvek od **vyosek** » 03 srp 2011 21:25

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

ricv · #5 Příspěvek od **ricv** » 03 srp 2011 21:31

1. log

RogueKiller V5.3.0 [08/01/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: datart [Admin rights]
Mode: Remove -- Date : 08/03/2011 22:28:05

Bad processes: 0

Registry Entries: 13
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

ricv · #6 Příspěvek od **ricv** » 03 srp 2011 21:35

2.log

RogueKiller V5.3.0 [08/01/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: datart [Admin rights]
Mode: HOSTSFix -- Date : 08/03/2011 22:33:17

Bad processes: 0

HOSTS File:
127.0.0.1 localhost

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

ricv · #7 Příspěvek od **ricv** » 03 srp 2011 21:35

3.log

RogueKiller V5.3.0 [08/01/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: datart [Admin rights]
Mode: ProxyFix -- Date : 08/03/2011 22:33:22

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#8 Příspěvek od **vyosek** » 03 srp 2011 21:40

Fajn, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ricv · #9 Příspěvek od **ricv** » 03 srp 2011 21:41

ale ten exeHelper prestane pracovat vzdycky

ale ten exehelperlog se mi vytvoril

#10 Příspěvek od **vyosek** » 03 srp 2011 21:42

Nevadi, pokracujte ComboFixem

ricv · #11 Příspěvek od **ricv** » 03 srp 2011 22:04

tak tady to je:

ComboFix 11-08-03.03 - datart 03.08.2011 22:42:58.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4030.2434 [GMT 2:00]
Spuštěný z: c:\users\datart\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TNod User & Password Finder\TNODUP.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\c5861be85342fb2b7f97295ed98d23d1.elf
c:\windows\phoenix\kernels\phatk\ce044e4cd4c8e62b5907b3aac1b6303a.elf
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\b3dd6f4dfa39bff7f686dec88ed197ea.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\efc6e4a6af26a8e200897be897f9df7f.elf
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\security\Database\tmp.edb
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\no
c:\windows\system32\no\DPCrProv.dll.mui
c:\windows\system32\no\DPFPApiUI.dll.mui
c:\windows\system32\no\DPPassFilter.dll.mui
c:\windows\system32\SV
c:\windows\system32\SV\DPCrProv.dll.mui
c:\windows\system32\SV\DPFPApiUI.dll.mui
c:\windows\system32\SV\DPPassFilter.dll.mui
c:\windows\systemup.exe
c:\windows\SysWow64\no
c:\windows\SysWow64\no\DPCrProv.dll.mui
c:\windows\SysWow64\no\DPFPApiUI.dll.mui
c:\windows\SysWow64\no\DPPassFilter.dll.mui
c:\windows\SysWow64\SV
c:\windows\SysWow64\SV\DPCrProv.dll.mui
c:\windows\SysWow64\SV\DPFPApiUI.dll.mui
c:\windows\SysWow64\SV\DPPassFilter.dll.mui
c:\windows\TEMP\7766875.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.3
c:\windows\update.3\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-03 do 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 20:49 . 2011-08-03 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-03 19:42 . 2011-08-03 19:48 -------- d-----w- c:\program files\trend micro
2011-08-03 19:42 . 2011-08-03 19:43 -------- d-----w- C:\rsit
2011-08-03 18:00 . 2011-08-03 18:01 -------- d-----w- c:\program files\iTunes
2011-08-03 18:00 . 2011-08-03 18:00 -------- d-----w- c:\program files\iPod
2011-08-03 17:58 . 2011-08-03 17:58 -------- d-----w- c:\program files\Bonjour
2011-08-03 17:58 . 2011-08-03 17:58 -------- d-----w- c:\program files (x86)\Bonjour
2011-08-03 17:51 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32D31576-16DA-48E4-9F6B-DBD4A6547300}\mpengine.dll
2011-07-22 17:38 . 2011-08-03 17:52 -------- d-----w- c:\program files (x86)\Steam
2011-07-22 17:38 . 2011-07-22 17:38 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-07-22 12:27 . 2011-04-13 20:59 706 ----a-w- c:\program files (x86)\Launch.bat
2011-07-22 12:27 . 2011-04-13 12:56 -------- d-----w- c:\program files (x86)\parts
2011-07-22 12:27 . 2011-04-13 12:56 -------- d-----w- c:\program files (x86)\backgrounds
2011-07-22 10:14 . 2011-07-22 10:14 -------- d-----w- c:\program files\Codemasters
2011-07-21 23:26 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-21 23:26 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-21 19:14 . 2011-07-21 19:14 -------- d-----w- c:\windows\Sun
2011-07-20 21:50 . 2011-07-20 21:50 -------- d-----w- c:\program files (x86)\RocketDock
2011-07-19 20:54 . 2011-07-19 20:54 -------- d-----w- c:\program files (x86)\Safari
2011-07-18 11:30 . 2011-07-18 11:30 -------- d-----w- c:\windows\ufa
2011-07-18 11:30 . 2011-07-18 11:31 246272 ----a-w- c:\windows\unrar.exe
2011-07-18 11:28 . 2011-07-18 11:28 -------- d-----w- c:\windows\av_ico
2011-07-18 11:27 . 2011-08-03 20:49 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-18 11:27 . 2011-07-18 11:27 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-17 08:45 . 2011-07-17 08:45 -------- d-----w- c:\users\datart\AppData\Local\EA Games
2011-07-17 08:36 . 2011-07-17 08:36 7150 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-07-16 16:54 . 2011-07-16 16:54 -------- d-----w- c:\program files\Mafia
2011-07-16 13:30 . 2011-07-16 13:30 -------- d-----w- c:\users\datart\AppData\Local\My Games
2011-07-16 13:05 . 2011-07-16 13:05 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-07-15 14:21 . 2008-04-28 10:03 47160 ----a-w- c:\windows\system32\drivers\AmdTools64.sys
2011-07-15 14:21 . 2011-07-15 14:22 -------- d-----w- c:\program files (x86)\AMD GPU Clock Tool
2011-07-14 19:45 . 2011-07-14 19:45 -------- d-----w- c:\users\datart\AppData\Local\ArmA 2
2011-07-12 19:28 . 2011-07-12 19:28 -------- d-----w- c:\programdata\Synetic
2011-07-12 13:42 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-07-12 12:34 . 2011-07-12 12:34 -------- d-----w- c:\program files (x86)\Aspyr
2011-07-12 09:34 . 2011-07-12 09:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:34 . 2011-07-12 09:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:34 . 2011-07-12 09:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:34 . 2011-07-12 09:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-10 13:41 . 2011-07-10 13:44 -------- d-----w- c:\program files (x86)\Minecraft
2011-07-10 13:35 . 2011-07-20 18:23 -------- d-----w- c:\users\datart\AppData\Roaming\.minecraft
2011-07-10 11:35 . 2011-08-03 17:46 -------- d-----w- c:\users\datart\AppData\Local\LogMeIn Hamachi
2011-07-10 11:35 . 2011-07-10 11:35 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-07-06 21:50 . 2011-07-06 21:50 -------- d-----w- c:\programdata\EA Logs
2011-07-05 12:41 . 2011-07-05 12:41 -------- d-----w- c:\users\datart\AppData\Roaming\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 13:03 . 2011-04-01 11:46 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-16 13:03 . 2011-04-01 11:46 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-16 13:03 . 2011-04-18 15:48 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-06-18 17:42 . 2011-05-13 20:41 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 13:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-14 13:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-03 05:57 . 2011-07-13 00:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 12:56 . 2011-05-28 12:56 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-04-06 02:03 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:06 . 2010-08-18 23:49 811008 ----a-w- c:\windows\system32\aticfx64.dll
2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-04-06 01:53 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2011-04-06 01:26 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:49 . 2011-04-20 01:49 5008384 ----a-w- c:\windows\system32\atidxx64.dll
2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47 8489472 ----a-w- c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2011-04-06 01:35 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-05-25 02:33 5486592 ----a-w- c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-05-25 02:26 366592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 309760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2010-08-18 23:49 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-05-25 02:24 . 2011-04-06 01:20 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2011-04-06 01:20 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:19 . 2010-08-18 23:49 58880 ----a-w- c:\windows\system32\coinst.dll
2011-05-24 21:44 . 2011-05-24 21:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-24 17:14 . 2011-02-19 11:44 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 11:48 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 11:48 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 11:48 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 11:48 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 11:48 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-16 15:15 . 2011-05-15 18:11 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-13 16:58 . 2011-05-13 16:58 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
2011-05-13 16:58 . 2009-07-08 10:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2011-05-13 16:58 . 2011-05-13 16:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2011-05-13 16:58 . 2011-05-13 16:58 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2011-05-13 16:57 . 2011-05-13 16:57 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2011-05-10 14:09 . 2011-04-09 18:09 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-05-10 06:06 . 2011-05-10 06:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 10:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMMODEM;Bluetooth Modem Device;c:\windows\system32\DRIVERS\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-06 43704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-29 27192]
S2 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-24 360960]
S2 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-24 480768]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-18 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiHA503;SaiHA503;c:\windows\system32\DRIVERS\SaiHA503.sys [x]
S3 SaiLA503;SaiLA503;c:\windows\system32\DRIVERS\SaiLA503.sys [x]
S3 SaiUA503;SaiUA503;c:\windows\system32\DRIVERS\SaiUA503.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 11:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-24 c:\windows\Tasks\HPCeeScheduleFordatart.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF40.cfxxe" [X]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico0 - c:\windows\update.tray-3-0\svchost.exe
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-systemup - c:\windows\systemup.exe
Wow6432Node-HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
Wow6432Node-HKLM-Run-w_distrib.exe - c:\windows\update.3\svchost.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET Smart Security\egui.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1686840696-3354219037-825265509-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:18,25,e2,90,65,86,05,a5,9e,86,ad,eb,1e,91,55,60,70,8b,28,cb,dd,65,41,
1f,54,43,e7,2a,15,26,ec,c5,f3,6b,f3,6a,ed,37,42,f1,89,5a,34,a6,45,6b,3c,ca,\
"??"=hex:d2,36,73,75,74,d6,42,35,e4,b3,60,fe,66,d5,45,b1
.
[HKEY_USERS\S-1-5-21-1686840696-3354219037-825265509-1000\Software\SecuROM\License information*]
"datasecu"=hex:bd,b1,56,b9,af,3a,4f,4f,8e,0c,53,f9,08,03,16,bd,f9,dc,e0,2d,34,
b1,e1,1b,fb,c5,90,0c,51,b5,8e,97,77,73,3e,5a,0f,22,42,86,9d,18,5c,ea,2b,74,\
"rkeysecu"=hex:84,f5,35,ab,d8,18,af,d9,c0,47,a7,9b,ba,db,a7,a5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2011-08-03 22:56:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-03 20:56
.
Před spuštěním: Volných bajtů: 460 404 408 320
Po spuštění: Volných bajtů: 463 569 858 560
.
- - End Of File - - 591DE5ACABE2547A5C0633F322EDDA1E

#12 Příspěvek od **vyosek** » 03 srp 2011 23:15

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\program files (x86)\uTorrentBar
c:\program files (x86)\TNod User & Password Finder
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk

File::
c:\windows\unrar.exe

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"RocketDock"=-
"Steam"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"LogMeIn Hamachi Ui"=-
"iTunesHelper"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ricv · #13 Příspěvek od **ricv** » 04 srp 2011 09:43

pise to ze je spatne nahlaskovany

co s tim

ricv · #14 Příspěvek od **ricv** » 04 srp 2011 10:07

mam to tady je log:

ComboFix 11-08-03.03 - datart 04.08.2011 10:44:50.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4030.2472 [GMT 2:00]
Spuštěný z: c:\users\datart\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\datart\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TNod User & Password Finder
c:\program files (x86)\TNod User & Password Finder\CREDITOS.txt
c:\program files (x86)\TNod User & Password Finder\LEEME.txt
c:\program files (x86)\TNod User & Password Finder\tnodicons.icl
c:\program files (x86)\TNod User & Password Finder\uninst-tnod.exe
c:\program files (x86)\uTorrentBar
c:\program files (x86)\uTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\INSTALL.LOG
c:\program files (x86)\uTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\tbuTor.dll
c:\program files (x86)\uTorrentBar\toolbar.cfg
c:\program files (x86)\uTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentBar\UNWISE.EXE
c:\program files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0-lnk\svchost.exe
c:\windows\update.tray-3-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-04 do 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-04 08:51 . 2011-08-04 08:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-03 19:42 . 2011-08-03 19:48 -------- d-----w- c:\program files\trend micro
2011-08-03 19:42 . 2011-08-03 19:43 -------- d-----w- C:\rsit
2011-08-03 18:00 . 2011-08-03 18:01 -------- d-----w- c:\program files\iTunes
2011-08-03 18:00 . 2011-08-03 18:00 -------- d-----w- c:\program files\iPod
2011-08-03 17:58 . 2011-08-03 17:58 -------- d-----w- c:\program files\Bonjour
2011-08-03 17:58 . 2011-08-03 17:58 -------- d-----w- c:\program files (x86)\Bonjour
2011-08-03 17:51 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32D31576-16DA-48E4-9F6B-DBD4A6547300}\mpengine.dll
2011-07-22 17:38 . 2011-08-04 08:22 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-07-22 17:38 . 2011-08-04 08:22 -------- d-----w- c:\program files (x86)\Steam
2011-07-22 12:27 . 2011-04-13 20:59 706 ----a-w- c:\program files (x86)\Launch.bat
2011-07-22 12:27 . 2011-04-13 12:56 -------- d-----w- c:\program files (x86)\parts
2011-07-22 12:27 . 2011-04-13 12:56 -------- d-----w- c:\program files (x86)\backgrounds
2011-07-22 10:14 . 2011-07-22 10:14 -------- d-----w- c:\program files\Codemasters
2011-07-21 23:26 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-21 23:26 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-21 19:14 . 2011-07-21 19:14 -------- d-----w- c:\windows\Sun
2011-07-20 21:50 . 2011-07-20 21:50 -------- d-----w- c:\program files (x86)\RocketDock
2011-07-19 20:54 . 2011-07-19 20:54 -------- d-----w- c:\program files (x86)\Safari
2011-07-17 08:45 . 2011-07-17 08:45 -------- d-----w- c:\users\datart\AppData\Local\EA Games
2011-07-17 08:36 . 2011-07-17 08:36 7150 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-07-16 16:54 . 2011-07-16 16:54 -------- d-----w- c:\program files\Mafia
2011-07-16 13:30 . 2011-07-16 13:30 -------- d-----w- c:\users\datart\AppData\Local\My Games
2011-07-16 13:05 . 2011-07-16 13:05 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-07-15 14:21 . 2008-04-28 10:03 47160 ----a-w- c:\windows\system32\drivers\AmdTools64.sys
2011-07-15 14:21 . 2011-07-15 14:22 -------- d-----w- c:\program files (x86)\AMD GPU Clock Tool
2011-07-14 19:45 . 2011-07-14 19:45 -------- d-----w- c:\users\datart\AppData\Local\ArmA 2
2011-07-12 19:28 . 2011-07-12 19:28 -------- d-----w- c:\programdata\Synetic
2011-07-12 13:42 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-07-12 12:34 . 2011-07-12 12:34 -------- d-----w- c:\program files (x86)\Aspyr
2011-07-12 09:34 . 2011-07-12 09:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:34 . 2011-07-12 09:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:34 . 2011-07-12 09:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:34 . 2011-07-12 09:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-10 13:41 . 2011-07-10 13:44 -------- d-----w- c:\program files (x86)\Minecraft
2011-07-10 13:35 . 2011-07-20 18:23 -------- d-----w- c:\users\datart\AppData\Roaming\.minecraft
2011-07-10 11:35 . 2011-08-04 08:51 -------- d-----w- c:\users\datart\AppData\Local\LogMeIn Hamachi
2011-07-10 11:35 . 2011-07-10 11:35 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-07-06 21:50 . 2011-07-06 21:50 -------- d-----w- c:\programdata\EA Logs
2011-07-05 12:41 . 2011-07-05 12:41 -------- d-----w- c:\users\datart\AppData\Roaming\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 13:03 . 2011-04-01 11:46 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-16 13:03 . 2011-04-01 11:46 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-16 13:03 . 2011-04-18 15:48 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-06-18 17:42 . 2011-05-13 20:41 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 13:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-14 13:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-03 05:57 . 2011-07-13 00:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 12:56 . 2011-05-28 12:56 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-04-06 02:03 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:06 . 2010-08-18 23:49 811008 ----a-w- c:\windows\system32\aticfx64.dll
2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-04-06 01:53 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2011-04-06 01:26 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:49 . 2011-04-20 01:49 5008384 ----a-w- c:\windows\system32\atidxx64.dll
2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47 8489472 ----a-w- c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2011-04-06 01:35 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-05-25 02:33 5486592 ----a-w- c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-05-25 02:26 366592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 309760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2010-08-18 23:49 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-05-25 02:24 . 2011-04-06 01:20 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2011-04-06 01:20 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:19 . 2010-08-18 23:49 58880 ----a-w- c:\windows\system32\coinst.dll
2011-05-24 21:44 . 2011-05-24 21:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-24 17:14 . 2011-02-19 11:44 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 11:48 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 11:48 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 11:48 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 11:48 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 11:48 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-16 15:15 . 2011-05-15 18:11 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-13 16:58 . 2011-05-13 16:58 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
2011-05-13 16:58 . 2009-07-08 10:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2011-05-13 16:58 . 2011-05-13 16:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2011-05-13 16:58 . 2011-05-13 16:58 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2011-05-13 16:57 . 2011-05-13 16:57 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2011-05-10 14:09 . 2011-04-09 18:09 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-05-10 06:06 . 2011-05-10 06:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-03_20.51.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-17 10:54 . 2011-08-03 21:01 59056 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-08-03 17:48 41828 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-04 08:24 41828 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-16 09:41 . 2011-08-04 08:24 12044 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1686840696-3354219037-825265509-1000_UserData.bin
+ 2010-08-18 23:54 . 2011-08-04 08:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-18 23:54 . 2011-08-03 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-18 23:54 . 2011-08-04 08:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-18 23:54 . 2011-08-03 20:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-04 08:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-03 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-13 13:52 . 2011-08-04 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-13 13:52 . 2011-08-03 17:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-13 13:52 . 2011-08-03 17:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-13 13:52 . 2011-08-04 08:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-13 13:52 . 2011-08-04 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-13 13:52 . 2011-08-03 17:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-15 03:53 . 2011-08-03 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-15 03:53 . 2011-08-04 08:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-15 03:53 . 2011-08-04 08:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-15 03:53 . 2011-08-03 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-04 08:53 . 2011-08-04 08:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-03 20:51 . 2011-08-03 20:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-04 08:53 . 2011-08-04 08:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-03 20:51 . 2011-08-03 20:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-15 04:59 . 2011-08-04 08:02 308816 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-08-03 17:53 624776 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-04 08:29 624776 c:\windows\system32\perfh009.dat
- 2010-08-17 20:09 . 2011-08-03 17:53 639986 c:\windows\system32\perfh005.dat
+ 2010-08-17 20:09 . 2011-08-04 08:29 639986 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-08-03 17:53 110414 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-08-04 08:29 110414 c:\windows\system32\perfc009.dat
+ 2010-08-17 20:09 . 2011-08-04 08:29 126866 c:\windows\system32\perfc005.dat
- 2010-08-17 20:09 . 2011-08-03 17:53 126866 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-08-04 08:52 417840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-03 20:50 417840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-01-09 09:40 . 2011-07-18 11:25 7907865 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1686840696-3354219037-825265509-1000-8192.dat
+ 2011-01-09 09:40 . 2011-08-04 08:52 7907865 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1686840696-3354219037-825265509-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMMODEM;Bluetooth Modem Device;c:\windows\system32\DRIVERS\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SaiHA503;SaiHA503;c:\windows\system32\DRIVERS\SaiHA503.sys [x]
R3 SaiLA503;SaiLA503;c:\windows\system32\DRIVERS\SaiLA503.sys [x]
R3 SaiUA503;SaiUA503;c:\windows\system32\DRIVERS\SaiUA503.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-06 43704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-29 27192]
S2 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-24 360960]
S2 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-24 480768]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-18 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 11:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-03 c:\windows\Tasks\HPCeeScheduleFordatart.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-uTorrentBar Toolbar - c:\progra~2\UTORRE~1\UNWISE.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1686840696-3354219037-825265509-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:18,25,e2,90,65,86,05,a5,9e,86,ad,eb,1e,91,55,60,70,8b,28,cb,dd,65,41,
1f,54,43,e7,2a,15,26,ec,c5,f3,6b,f3,6a,ed,37,42,f1,89,5a,34,a6,45,6b,3c,ca,\
"??"=hex:d2,36,73,75,74,d6,42,35,e4,b3,60,fe,66,d5,45,b1
.
[HKEY_USERS\S-1-5-21-1686840696-3354219037-825265509-1000\Software\SecuROM\License information*]
"datasecu"=hex:bd,b1,56,b9,af,3a,4f,4f,8e,0c,53,f9,08,03,16,bd,f9,dc,e0,2d,34,
b1,e1,1b,fb,c5,90,0c,51,b5,8e,97,77,73,3e,5a,0f,22,42,86,9d,18,5c,ea,2b,74,\
"rkeysecu"=hex:84,f5,35,ab,d8,18,af,d9,c0,47,a7,9b,ba,db,a7,a5
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2011-08-04 10:58:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-04 08:58
ComboFix2.txt 2011-08-03 20:56
.
Před spuštěním: Volných bajtů: 461 762 060 288
Po spuštění: Volných bajtů: 461 551 144 960
.
- - End Of File - - FFE637F6A0CFEDC6EC4F791AEC4C187C

#15 Příspěvek od **vyosek** » 04 srp 2011 20:07

No ale zkusebni doba NODu (30 dni) jiz vyprsela ze

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) projedte PC touto utilitou at se zbavime zbytku poskozeneho antiviru http://download.eset.com/special/ESETUninstaller.exe postup je zde http://www.viry.cz/forum/viewtopic.php?p=889437#p889437

Nainstalujte Avast free http://www.avast.com/cs-cz/free-antivirus-download

Napiste co PC a dejte novy log z RSIT

VIRY.CZ

facebook problem vir

facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir

Re: facebook problem vir