vir na flash, combofix, pak čisto, problémy s av a updaty

[kotyz85]

Na bráchovo notebooku s win 7 po připojení flash disku nod32 něco hlásil a snad i smazal, pak něco hlásil i spyware terminator a pak se nešlo normálně přihlásit (asi až druhej den po zapnutí), ale přihlásilo se to na nějakej dočasnej profil (až potud sem u toho nebyl). Pak sem k tomu přišel já, po restartu se to už přihlásilo na normální účet uživatele, všechny ikony na svym místě, zkusil sem nod32 ale nestáhnul si aktualizace, win update taky nešlo, tak sem vytáh síťovej kabel, nastartoval v nouzovym režimu a pouštěl ccleanrer a combofix (combofix smazal c:\programdata\FullRemove.exe a c:\windows\system32\regobj.dll) pak sem ještě dál v tom nouzáku pustil nod32 (sken v příkazovym řádku) a spyware terminator kde kontrola proběhla a nic se nenašlo. Pak už zase v normálnim režimu (se znovu připojenym síťovym kabelem) sem znova testoval a nic to nenašlo, aktualizace už ale fungovali a nějaký se nainstalovali. Dál sem zkoušel ještě malwarebytes a taky nic nenašel, už to vypadalo že to je čistý, ale pak ty poslední poslední aktulizace z win update (mezi nima sp1 a ie9) se už nenainstalovali (nešly ani ručně když sem si stáh instalátor, chyba nedostatek prostředků). Nod32 se taky choval divně, při kontrole disku se seknul pokaždý na 38%, proces ekrn zabral 99% procesoru a zůstal tak i po zrušení kontroly a vypnutí rezidentu. Při stahování souborů z netu nebo i instalaci doplňků pro firefox se kvůli nodu a jeho kontrole souborů stahování na 99% seklo třeba na 5 minut a opět ekrn zabíral svejch 99% a větrák běžel naplno. Přeinstalace nodu to nevyřešila. Tak sem ho odinstaloval a dal tam ms security essentials, aktualizace databáze ok, nevytěžuje procesor, ale taky tu kontrolu nedokončí (neznámá chyba, nainstalujte aktualizace a zkuste to znova). Mam k tomu všemu 2 logy z combofixu, jeden z usbfixu, jeden z upm a pár screenshotů. Ten flashdisk sem otevřel v linuxu a našel sem tam a smazal ve složce recycler soubor 0xA25D5DBD.exe (mam ho taky schovanej, kdyby to někdo chtěl analyzovat). Ten první log z combofixu, tam jak se mazalo, hodim ještě sem, všechno ostatní je zazipovaný v příloze.

ComboFix 11-08-11.01 - Hilltor 11.08.2011 13:47:03.1.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3037.2361 [GMT 2:00]
Spuštěný z: f:\ostatni_cistice\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-11 do 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 10:17 . 2011-08-11 10:17 -------- d-----w- c:\program files\MSXML 4.0
2011-07-31 01:08 . 2011-07-31 01:08 -------- d-----w- c:\program files\Common Files\Atheros
2011-07-31 01:08 . 2011-07-31 01:08 -------- d-----w- c:\program files\Bluetooth Suite
2011-07-29 19:52 . 2011-07-29 19:52 -------- d-----w- c:\users\Hilltor\AppData\Local\CrashDumps
2011-07-29 19:05 . 2011-07-29 19:05 -------- d-----w- c:\programdata\Atheros
2011-07-29 18:47 . 2011-07-29 18:47 -------- d-----w- c:\programdata\NokiaInstallerCache
2011-07-29 18:42 . 2011-07-29 18:42 -------- d-----w- c:\users\Hilltor\AppData\Local\BMExplorer
2011-07-13 19:12 . 2011-07-13 19:13 -------- d-----w- c:\users\Hilltor\AppData\Roaming\avidemux
2011-07-13 19:07 . 2011-07-13 19:07 -------- d-----w- c:\program files\Avidemux 2.5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 10:19 . 2011-05-17 14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-12-28 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-10 13834856]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-12-28 2216960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-25 691696]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-12-28 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-11-25 43680]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe [2011-07-29 119296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-22 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 15:35]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 15:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.50.1
FF - ProfilePath - c:\users\Hilltor\AppData\Roaming\Mozilla\Firefox\Profiles\0b5rf91i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Nuke Anything Enhanced: {1ced4832-f06e-413f-aa14-9eb63ad40ace} - %profile%\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - %profile%\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
FF - Ext: QuickJava: {E6C1199F-E687-42da-8C24-E7770CC3AE66} - %profile%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3283628575-1838000162-593940776-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3283628575-1838000162-593940776-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-11 13:53:06
ComboFix-quarantined-files.txt 2011-08-11 11:53
.
Před spuštěním: Volných bajtů: 124 904 124 416
Po spuštění: Volných bajtů: 124 698 968 064
.
- - End Of File - - C291C323A9C35EF9003006C3CC8E7C2C

[kotyz85]

Ještě log z RSIT, na ten sem zapoměl.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hilltor at 2011-08-13 12:51:58
Microsoft Windows 7 Home Premium
System drive C: has 127 GB (55%) free of 231 GB
Total RAM: 3037 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:52:10, on 13.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\Dwm.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\wuauclt.exe
C:\Users\Hilltor\Desktop\RSIT.exe
C:\Program Files\trend micro\Hilltor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Emsisoft Anti-Malware 5.1 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Installer Service - Unknown owner - C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8387 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Hilltor\AppData\Roaming\Mozilla\Firefox\Profiles\0b5rf91i.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9, {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1, {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2, {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6, {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2, {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2, {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2007.30, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18, {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}:3.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npdjvu.dll
NPOFFICE.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Hilltor\AppData\Roaming\Mozilla\Firefox\Profiles\0b5rf91i.default\extensions\
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
{1ced4832-f06e-413f-aa14-9eb63ad40ace}
{37E4D8EA-8BDA-4831-8EA1-89053939A250}
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
{dc572301-7619-498c-a57d-39143191b318}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-09-25 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-09-25 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-12-15 8120864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-26 1713448]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-15 91432]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]
"UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-07-21 210216]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2010-02-10 13834856]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-12-28 2216960]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-12-28 3318784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-13 12:51:58 ----D---- C:\rsit
2011-08-13 12:45:31 ----D---- C:\Program Files\trend micro
2011-08-13 01:40:06 ----D---- C:\Program Files\Microsoft Security Client
2011-08-13 00:42:35 ----SHD---- C:\$RECYCLE.BIN
2011-08-13 00:19:52 ----RAD---- C:\Autorun.inf
2011-08-12 23:31:22 ----D---- C:\Users\Hilltor\AppData\Roaming\Malwarebytes
2011-08-12 23:31:19 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2011-08-12 23:31:18 ----D---- C:\ProgramData\Malwarebytes
2011-08-12 23:31:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-12 23:31:15 ----A---- C:\windows\system32\drivers\mbam.sys
2011-08-12 22:23:20 ----D---- C:\windows\system32\EventProviders
2011-08-12 22:23:12 ----D---- C:\22255e402c6d822ce98076
2011-08-12 21:40:33 ----D---- C:\ProgramData\Windows Genuine Advantage
2011-08-12 21:21:50 ----D---- C:\ProgramData\OEM Links
2011-08-12 21:21:50 ----D---- C:\MININT
2011-08-12 21:21:47 ----D---- C:\Program Files\UMPlayer
2011-08-12 14:32:22 ----D---- C:\Program Files\Emsisoft Anti-Malware
2011-08-11 19:11:49 ----A---- C:\windows\system32\drivers\nvstor.sys
2011-08-11 19:11:48 ----A---- C:\windows\system32\drivers\nvraid.sys
2011-08-11 19:11:48 ----A---- C:\windows\system32\drivers\ntfs.sys
2011-08-11 19:11:47 ----A---- C:\windows\system32\esent.dll
2011-08-11 19:11:47 ----A---- C:\windows\system32\drivers\amdsata.sys
2011-08-11 19:11:46 ----A---- C:\windows\system32\drivers\storport.sys
2011-08-11 19:11:46 ----A---- C:\windows\system32\drivers\iaStorV.sys
2011-08-11 19:11:46 ----A---- C:\windows\system32\drivers\amdxata.sys
2011-08-11 19:11:45 ----A---- C:\windows\system32\fsutil.exe
2011-08-11 19:11:45 ----A---- C:\windows\system32\drivers\USBSTOR.SYS
2011-08-11 19:07:05 ----A---- C:\windows\system32\FntCache.dll
2011-08-11 19:07:05 ----A---- C:\windows\system32\DWrite.dll
2011-08-11 19:07:04 ----A---- C:\windows\system32\d2d1.dll
2011-08-11 18:31:46 ----A---- C:\windows\system32\drivers\usbport.sys
2011-08-11 18:31:46 ----A---- C:\windows\system32\drivers\usbehci.sys
2011-08-11 18:31:45 ----A---- C:\windows\system32\drivers\usbhub.sys
2011-08-11 18:31:45 ----A---- C:\windows\system32\drivers\usbccgp.sys
2011-08-11 18:31:44 ----A---- C:\windows\system32\drivers\usbuhci.sys
2011-08-11 18:31:44 ----A---- C:\windows\system32\drivers\usbohci.sys
2011-08-11 18:31:44 ----A---- C:\windows\system32\drivers\usbd.sys
2011-08-11 18:29:07 ----A---- C:\windows\system32\drivers\srv.sys
2011-08-11 18:29:06 ----A---- C:\windows\system32\drivers\srv2.sys
2011-08-11 18:29:04 ----A---- C:\windows\system32\drivers\srvnet.sys
2011-08-11 18:28:38 ----A---- C:\windows\system32\oleaut32.dll
2011-08-11 18:28:15 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 18:28:14 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2011-08-11 18:28:14 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2011-08-11 17:31:26 ----D---- C:\Program Files\Common Files\Atheros
2011-08-11 17:14:25 ----A---- C:\windows\system32\mshtml.dll
2011-08-11 17:14:21 ----A---- C:\windows\system32\iertutil.dll
2011-08-11 17:14:18 ----A---- C:\windows\system32\ieframe.dll
2011-08-11 17:14:17 ----A---- C:\windows\system32\urlmon.dll
2011-08-11 17:14:16 ----A---- C:\windows\system32\mstime.dll
2011-08-11 17:14:16 ----A---- C:\windows\system32\msfeeds.dll
2011-08-11 17:14:15 ----A---- C:\windows\system32\wininet.dll
2011-08-11 17:14:15 ----A---- C:\windows\system32\msfeedsbs.dll
2011-08-11 17:14:15 ----A---- C:\windows\system32\licmgr10.dll
2011-08-11 17:14:15 ----A---- C:\windows\system32\iepeers.dll
2011-08-11 17:14:15 ----A---- C:\windows\system32\iedkcs32.dll
2011-08-11 17:14:14 ----A---- C:\windows\system32\url.dll
2011-08-11 17:14:14 ----A---- C:\windows\system32\mshtmled.dll
2011-08-11 17:14:14 ----A---- C:\windows\system32\ieui.dll
2011-08-11 17:14:13 ----A---- C:\windows\system32\msfeedssync.exe
2011-08-11 17:14:13 ----A---- C:\windows\system32\jsproxy.dll
2011-08-11 17:14:10 ----A---- C:\windows\system32\odbc32.dll
2011-08-11 17:14:08 ----A---- C:\windows\system32\kerberos.dll
2011-08-11 17:13:55 ----A---- C:\windows\system32\ntoskrnl.exe
2011-08-11 17:13:55 ----A---- C:\windows\system32\ntkrnlpa.exe
2011-08-11 17:13:52 ----A---- C:\windows\system32\drivers\dfsc.sys
2011-08-11 17:13:51 ----A---- C:\windows\system32\KernelBase.dll
2011-08-11 17:13:50 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 17:13:50 ----A---- C:\windows\system32\winsrv.dll
2011-08-11 17:13:50 ----A---- C:\windows\system32\kernel32.dll
2011-08-11 17:13:50 ----A---- C:\windows\system32\conhost.exe
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 17:13:48 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 17:13:47 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-11 17:13:46 ----A---- C:\windows\system32\xmllite.dll
2011-08-11 17:13:43 ----A---- C:\windows\system32\webio.dll
2011-08-11 17:13:41 ----A---- C:\windows\system32\drivers\afd.sys
2011-08-11 17:13:40 ----A---- C:\windows\system32\dnsrslvr.dll
2011-08-11 17:13:40 ----A---- C:\windows\system32\dnsapi.dll
2011-08-11 17:13:39 ----A---- C:\windows\system32\dnscacheugc.exe
2011-08-11 17:13:37 ----A---- C:\windows\system32\tquery.dll
2011-08-11 17:13:37 ----A---- C:\windows\system32\mssrch.dll
2011-08-11 17:13:35 ----A---- C:\windows\system32\SearchIndexer.exe
2011-08-11 17:13:35 ----A---- C:\windows\system32\mssvp.dll
2011-08-11 17:13:35 ----A---- C:\windows\system32\mssph.dll
2011-08-11 17:13:34 ----A---- C:\windows\system32\SearchProtocolHost.exe
2011-08-11 17:13:34 ----A---- C:\windows\system32\SearchFilterHost.exe
2011-08-11 17:13:34 ----A---- C:\windows\system32\mssphtb.dll
2011-08-11 17:13:34 ----A---- C:\windows\system32\msscntrs.dll
2011-08-11 17:13:32 ----A---- C:\windows\system32\XpsPrint.dll
2011-08-11 17:13:32 ----A---- C:\windows\system32\drivers\tcpip.sys
2011-08-11 17:13:29 ----A---- C:\windows\system32\vbscript.dll
2011-08-11 17:13:29 ----A---- C:\windows\system32\jscript.dll
2011-08-11 17:13:28 ----A---- C:\windows\system32\inetcomm.dll
2011-08-11 17:13:26 ----A---- C:\windows\system32\EncDec.dll
2011-08-11 17:13:26 ----A---- C:\windows\system32\CPFilters.dll
2011-08-11 17:13:25 ----A---- C:\windows\system32\sbe.dll
2011-08-11 17:13:23 ----A---- C:\windows\system32\XpsGdiConverter.dll
2011-08-11 17:13:23 ----A---- C:\windows\system32\atmlib.dll
2011-08-11 17:13:23 ----A---- C:\windows\system32\atmfd.dll
2011-08-11 17:13:22 ----A---- C:\windows\system32\umpnpmgr.dll
2011-08-11 17:13:20 ----A---- C:\windows\explorer.exe
2011-08-11 17:13:19 ----A---- C:\windows\system32\FXSCOVER.exe
2011-08-11 17:13:18 ----A---- C:\windows\system32\wmicmiplugin.dll
2011-08-11 17:13:18 ----A---- C:\windows\system32\taskschd.dll
2011-08-11 17:13:18 ----A---- C:\windows\system32\taskeng.exe
2011-08-11 17:13:18 ----A---- C:\windows\system32\schedsvc.dll
2011-08-11 17:13:17 ----A---- C:\windows\system32\taskcomp.dll
2011-08-11 17:13:17 ----A---- C:\windows\system32\schtasks.exe
2011-08-11 17:13:15 ----A---- C:\windows\system32\tzres.dll
2011-08-11 17:13:04 ----A---- C:\windows\system32\mstscax.dll
2011-08-11 17:13:04 ----A---- C:\windows\system32\mstsc.exe
2011-08-11 17:11:15 ----A---- C:\windows\system32\win32k.sys
2011-08-11 17:11:08 ----A---- C:\windows\system32\odbcjt32.dll
2011-08-11 17:11:08 ----A---- C:\windows\system32\odbccu32.dll
2011-08-11 17:11:08 ----A---- C:\windows\system32\odbccr32.dll
2011-08-11 17:11:08 ----A---- C:\windows\system32\odbccp32.dll
2011-08-11 17:11:07 ----A---- C:\windows\system32\odbctrac.dll
2011-08-11 17:11:04 ----A---- C:\windows\system32\d3d10_1.dll
2011-08-11 17:10:56 ----A---- C:\windows\system32\ntdll.dll
2011-08-11 17:10:46 ----A---- C:\windows\system32\d3d10warp.dll
2011-08-11 17:10:45 ----A---- C:\windows\system32\d3d10_1core.dll
2011-08-11 17:10:44 ----A---- C:\windows\system32\XpsRasterService.dll
2011-08-11 17:10:44 ----A---- C:\windows\system32\ExplorerFrame.dll
2011-08-11 17:10:38 ----A---- C:\windows\system32\upnp.dll
2011-08-11 17:10:35 ----A---- C:\windows\system32\msxml6.dll
2011-08-11 17:10:34 ----A---- C:\windows\system32\winhttp.dll
2011-08-11 17:10:34 ----A---- C:\windows\system32\WebClnt.dll
2011-08-11 17:10:34 ----A---- C:\windows\system32\msxml3.dll
2011-08-11 17:10:34 ----A---- C:\windows\system32\davclnt.dll
2011-08-11 17:10:33 ----A---- C:\windows\system32\wscsvc.dll
2011-08-11 17:10:33 ----A---- C:\windows\system32\wscapi.dll
2011-08-11 17:10:33 ----A---- C:\windows\system32\slwga.dll
2011-08-11 17:10:24 ----A---- C:\windows\system32\consent.exe
2011-08-11 17:10:09 ----A---- C:\windows\system32\mfc42.dll
2011-08-11 17:10:08 ----A---- C:\windows\system32\mfc42u.dll
2011-08-11 17:09:57 ----A---- C:\windows\system32\drivers\bowser.sys
2011-08-11 17:09:34 ----A---- C:\windows\system32\poqexec.exe
2011-08-11 17:09:32 ----A---- C:\windows\system32\drivers\Diskdump.sys
2011-08-11 17:07:18 ----A---- C:\windows\system32\prevhost.exe
2011-08-11 16:58:11 ----A---- C:\windows\system32\wcncsvc.dll
2011-08-11 16:05:31 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-08-11 16:05:26 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-08-11 16:05:26 ----A---- C:\windows\system32\cdd.dll
2011-08-11 13:53:07 ----D---- C:\windows\temp
2011-08-11 13:45:14 ----A---- C:\windows\zip.exe
2011-08-11 13:45:14 ----A---- C:\windows\SWSC.exe
2011-08-11 13:45:14 ----A---- C:\windows\SWREG.exe
2011-08-11 13:45:14 ----A---- C:\windows\sed.exe
2011-08-11 13:45:14 ----A---- C:\windows\PEV.exe
2011-08-11 13:45:14 ----A---- C:\windows\NIRCMD.exe
2011-08-11 13:45:14 ----A---- C:\windows\MBR.exe
2011-08-11 13:45:14 ----A---- C:\windows\grep.exe
2011-08-11 13:45:11 ----D---- C:\windows\ERDNT
2011-08-11 13:44:41 ----D---- C:\Qoobox
2011-08-11 12:17:10 ----D---- C:\Program Files\MSXML 4.0
2011-07-29 21:55:38 ----A---- C:\mini-agent.txt
2011-07-29 21:05:20 ----D---- C:\ProgramData\Atheros
2011-07-29 20:47:48 ----D---- C:\ProgramData\NokiaInstallerCache

======List of files/folders modified in the last 1 month======

2011-08-13 12:45:31 ----RD---- C:\Program Files
2011-08-13 12:42:35 ----D---- C:\windows\system32\config
2011-08-13 12:42:19 ----D---- C:\Windows
2011-08-13 01:52:08 ----D---- C:\windows\winsxs
2011-08-13 01:40:25 ----SHD---- C:\windows\Installer
2011-08-13 01:40:25 ----D---- C:\Config.Msi
2011-08-13 01:40:17 ----D---- C:\windows\System32
2011-08-13 01:40:17 ----D---- C:\windows\inf
2011-08-13 01:40:17 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-08-13 01:40:16 ----SD---- C:\ProgramData\Microsoft
2011-08-13 01:40:16 ----D---- C:\windows\system32\drivers
2011-08-13 01:40:16 ----D---- C:\windows\system32\catroot
2011-08-13 01:36:11 ----D---- C:\Program Files\Internet Explorer
2011-08-13 01:19:54 ----D---- C:\windows\Logs
2011-08-13 01:16:55 ----D---- C:\windows\servicing
2011-08-13 00:48:51 ----D---- C:\windows\SoftwareDistribution
2011-08-13 00:41:44 ----N---- C:\windows\system.ini
2011-08-13 00:35:21 ----D---- C:\windows\AppPatch
2011-08-13 00:35:20 ----D---- C:\Program Files\Common Files
2011-08-12 23:31:18 ----D---- C:\ProgramData
2011-08-12 22:36:17 ----D---- C:\windows\Prefetch
2011-08-12 21:40:27 ----D---- C:\windows\Downloaded Program Files
2011-08-12 21:21:50 ----D---- C:\windows\Resources
2011-08-12 21:16:25 ----D---- C:\windows\system32\cs-CZ
2011-08-12 21:16:24 ----D---- C:\windows\system32\DriverStore
2011-08-12 19:50:17 ----D---- C:\Program Files\Mozilla Firefox
2011-08-12 19:45:21 ----SHD---- C:\System Volume Information
2011-08-12 13:05:08 ----D---- C:\ProgramData\Spyware Terminator
2011-08-12 13:04:41 ----D---- C:\Users\Hilltor\AppData\Roaming\Spyware Terminator
2011-08-12 05:20:09 ----RSD---- C:\windows\assembly
2011-08-12 05:20:08 ----D---- C:\Program Files\ESRI
2011-08-12 02:54:43 ----D---- C:\windows\rescache
2011-08-11 19:53:37 ----D---- C:\windows\Microsoft.NET
2011-08-11 19:08:00 ----D---- C:\windows\system32\catroot2
2011-08-11 17:55:40 ----D---- C:\windows\system32\migration
2011-08-11 17:29:35 ----D---- C:\Program Files\Microsoft
2011-08-11 17:20:09 ----RSD---- C:\windows\Fonts
2011-08-11 17:20:09 ----D---- C:\Program Files\Windows Mail
2011-08-11 17:08:30 ----D---- C:\windows\debug
2011-08-11 13:54:51 ----D---- C:\Program Files\Spyware Terminator
2011-08-11 13:51:45 ----D---- C:\windows\system32\drivers\etc
2011-08-11 13:31:19 ----D---- C:\Users\Hilltor\AppData\Roaming\Winamp
2011-08-11 12:15:44 ----RD---- C:\Users
2011-07-30 10:05:12 ----A---- C:\windows\system32\MRT.exe
2011-07-29 22:10:27 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-29 20:21:17 ----D---- C:\Program Files\Common Files\microsoft shared
2011-07-29 20:01:06 ----D---- C:\windows\system32\Tasks
2011-07-18 21:20:47 ----D---- C:\Users\Hilltor\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-10-13 331288]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-09-25 691696]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKslee1f8e98;MpKslee1f8e98; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FA2023D-4662-4573-82E1-A2DB206D0E78}\MpKslee1f8e98.sys [2011-08-13 28752]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\windows\system32\drivers\sp_rsdrv2.sys [2010-12-28 142592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 Sentinel;Sentinel; C:\windows\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2011-05-27 2189312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-12-15 2977248]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-02-26 242992]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 a2acc;a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]
S3 a7frv6uq;a7frv6uq; C:\windows\system32\drivers\a7frv6uq.sys []
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys []
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\windows\System32\Drivers\AthDfu.sys [2010-11-25 43680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys []
S3 BTATH_BUS;Atheros Bluetooth Bus; C:\windows\system32\DRIVERS\btath_bus.sys []
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\windows\system32\DRIVERS\btath_hcrp.sys []
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys []
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\windows\system32\DRIVERS\btath_rcp.sys []
S3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 catchme;catchme; \??\C:\Users\Hilltor\AppData\Local\Temp\catchme.sys []
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]
S3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-02-10 219752]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-07-07 247152]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-12-28 496128]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 Installer Service;Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe [2011-07-29 119296]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-09-22 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

[motji]

Dobrý večer
Takže ted to vypadá jak?

[kotyz85]

Teď je to vypnutý a jinak to vypadá pořád stejně - Malwarebytes, Spyware Terminator když dam skenovat tak nenajdou nic, combofix když sem ho pustil podruhý tak už nic nesmazal, nod32 je odinstalovanej a místo něj je tam ms security essentials, ten ale nedokončí kontrolu kvůli chybě (je to na screenshotu), aktualizace z win update se taky nenainstalujou (teď sou tam jen 2 - sp1 pro win7 a ie9, ty před nima se nakonec nainstalovali, ikdyž některý až na druhej pokus) s různýma chybama (opět ve screenshotech). Jinak se počítač tváří že všechno funguje, internet jde v ie i firefoxu, programy jdou nainstalovat, odinstalovat i spustit. Jen ty aktualizace z win update se nechtějí instalovat a antivirák nedotáhne kontrolu do konce, ale ty ostatní antimalware programy chodí, jak aktualizace databáze tak kontrola, ale nic nenajdou. Zkoušel sem i emsisoft antimalware a nástroj pro odstranění škodlivého software od ms, kontrola doběhla do konce a nic to nenašlo. Asi bude pc čistý, ale mohlo se při tom čištění někde něco poškodit, proto to divný chování nodu32, win update a security essentials. Přeinstalovávat se mi to nechce, to by byla práce na dlouho, možná se to časem samo srovná. Zatim na to nespěcham.

[motji]

Ještě na to koukneme, jinak by jste zkusil opravu systému.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[kotyz85]

Dneska ráno se zase nešlo přihlásit, psalo to že "službě profil uživatele se nepodařilo přihlášení", po restartu se to normálně přihlásilo. To OTL hned zkusim.

[kotyz85]

Jak dlouho asi tak trvá ten OTL sken? Mam pocit že se to zaseklo a nic to nedělá. Předtim ještě vyskočila hláška že nemůže vytvořit nějakej bat soubor (pro všechny případy sem si udělal screenshot). Neměřil sem čas, ale odhadem už to běží něco mezi 15 až 30 minutama a nevypadá to, že by to mělo brzy skončit. Ještě dam do přílohy ty screenshoty.

[kotyz85]

A tady se to zastavilo a dál to nic nedělá, nic se nevypisuje, kontrolka disku přestala blikat a logy nikde ...

[kotyz85]

Tak na druhej pokus se to povedlo a logy mam.

Extras.txt:

OTL Extras logfile created on: 8/14/2011 12:46:38 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Hilltor\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2.97 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 68.42% Memory free
5.93 Gb Paging File | 5.07 Gb Available in Paging File | 85.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 123.81 Gb Free Space | 54.95% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 212.62 Gb Free Space | 94.36% Space Free | Partition Type: NTFS

Computer Name: MOLOCH | User Name: Hilltor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -play-dir "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{068B46A0-8858-4CEB-80BC-A4AE787A05FC}" = Windows Live Sync
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client CS-CZ Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A30D5C0-BD4A-4E65-AADF-20A457DE6D38}" = Windows Live Family Safety
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Czech
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcGIS Desktop" = ArcGIS Desktop
"ArcGIS License Manager" = ArcGIS License Manager
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DSMT6" = MathType 6
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"Foxit Reader" = Foxit Reader
"IconRestorer Free_is1" = IconRestorer 1.0.8.1 SR1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.1.1800
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 5.0.1 (x86 cs)" = Mozilla Firefox 5.0.1 (x86 cs)
"NVIDIA Drivers" = NVIDIA Drivers
"PC Translator" = PC Translator
"Spyware Terminator_is1" = Spyware Terminator
"Stellarium_is1" = Stellarium 0.11.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"UMPlayer" = UMPlayer 0.97 [P4]
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XnView_is1" = XnView 1.98.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3283628575-1838000162-593940776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2011 7:36:37 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Systém Windows nemohl načíst registr. Tento problém je často způsoben
nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků. pro: C:\Users\Hilltor\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 8/12/2011 7:36:37 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Systém Windows nemůže načíst soubor registru tříd. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků.

Error - 8/12/2011 7:38:38 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Systém Windows nemohl načíst registr. Tento problém je často způsoben
nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků. pro: C:\Users\Hilltor\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 8/12/2011 7:38:38 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Systém Windows nemůže načíst soubor registru tříd. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků.

Error - 8/12/2011 7:38:38 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Systém Windows nemohl načíst registr. Tento problém je často způsoben
nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků. pro: C:\Users\Hilltor\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 8/12/2011 7:38:38 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Systém Windows nemůže načíst soubor registru tříd. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků.

Error - 8/12/2011 7:39:32 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Systém Windows nemohl načíst registr. Tento problém je často způsoben
nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků. pro: C:\Users\Hilltor\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 8/12/2011 7:39:32 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Systém Windows nemůže načíst soubor registru tříd. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků.

Error - 8/12/2011 7:39:47 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Systém Windows nemohl načíst registr. Tento problém je často způsoben
nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků. pro: C:\Users\Hilltor\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 8/12/2011 7:39:47 PM | Computer Name = Moloch | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Systém Windows nemůže načíst soubor registru tříd. PODROBNOSTI – K dokončení
požadované služby není k dispozici dostatek prostředků.

[ System Events ]
Error - 8/14/2011 6:37:14 AM | Computer Name = Moloch | Source = Service Control Manager | ID = 7023
Description = Služba Instalační služba modulů systému Windows byla ukončena s následující
chybou: %%1450

Error - 8/14/2011 6:37:44 AM | Computer Name = Moloch | Source = Service Control Manager | ID = 7023
Description = Služba Instalační služba modulů systému Windows byla ukončena s následující
chybou: %%1450

Error - 8/14/2011 6:38:15 AM | Computer Name = Moloch | Source = Service Control Manager | ID = 7023
Description = Služba Instalační služba modulů systému Windows byla ukončena s následující
chybou: %%1450

Error - 8/14/2011 6:38:45 AM | Computer Name = Moloch | Source = Service Control Manager | ID = 7023
Description = Služba Instalační služba modulů systému Windows byla ukončena s následující
chybou: %%1450

Error - 8/14/2011 6:39:14 AM | Computer Name = Moloch | Source = Service Control Manager | ID = 7023
Description = Služba Instalační služba modulů systému Windows byla ukončena s následující
chybou: %%1450

Error - 8/14/2011 6:39:44 AM | Computer Name = Moloch | Source = Service Control Manager | ID = 7023
Description = Služba Instalační služba modulů systému Windows byla ukončena s následující
chybou: %%1450

Error - 8/14/2011 6:40:15 AM | Computer Name = Moloch | Source = Service Control Manager | ID = 7023
Description = Služba Instalační služba modulů systému Windows byla ukončena s následující
chybou: %%1450

Error - 8/14/2011 6:41:12 AM | Computer Name = Moloch | Source = Service Control Manager | ID = 7043
Description = Služba Windows Update se po přijetí pokynu pro vypnutí neukončila
správně.

Error - 8/14/2011 6:42:46 AM | Computer Name = Moloch | Source = Microsoft Antimalware | ID = 3002
Description = %%860 – funkce ochrany v reálném čase selhala z důvodu chyby. Funkce:
%%835 Kód chyby: 0x80004005 Popis chyby: Nespecifikovaná chyba Důvod: %%842

Error - 8/14/2011 6:42:46 AM | Computer Name = Moloch | Source = Microsoft Antimalware | ID = 3002
Description = %%860 – funkce ochrany v reálném čase selhala z důvodu chyby. Funkce:
%%886 Kód chyby: 0x8007042c Popis chyby: Nepodařilo se zahájit závislou službu nebo
skupinu. Důvod: %%892


< End of report >

[kotyz85]

OTL.txt má přes 90 000 znaků, nejde vložit přímo jako text, takže ho dávam jako přílohu.

[motji]

Já ten log zkontroluji večer, ale máte systém legální?
http://support.microsoft.com/kb/306081/cs

[kotyz85]

Jo, byl v ceně notebooku. Dole je normálně licenční štítek. Jediný co by tam mohlo bejt cracklý je asi ten ArcGIS. Ještě sem dneska dělal úplnej sken všech disků přes Malwarebytes a nic to zase nenašlo.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verze databáze: 7463

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.8.2011 14:26:28
mbam-log-2011-08-14 (14-26-28).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 307431
Uplynulý čas: 48 minut, 24 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[kotyz85]

Ten odkaz na technickou podporu ms popisuje chybu ve win xp, a tohle sou sedmičky home premium. Kdyby bylo něco špatně s aktivací tak by si systém už určitě postěžoval nebo bych neprošel ověřenim pravosti když sem z ms download stahoval ten servicepack 1 abych ho zkusil nainstalovat ručně. Googlil sem i tu chybu z nedostatkem prostředků, ale nepomoh sem si, to co mi to našlo nevypadalo stejně jako ten muj problém.

[motji]

To vypadá na nabořený systém
Máte inst. cd? Pokud ano, udělejte opravu systému.

[kotyz85]

Instalační CD se k notebookům snad už ani nedávaj, je tam nějakej skrytej diskovej oddíl s image nainstalovanýho systému a to by mělo jít obnovit přes to jejich Samsung Recovery. Hned po vyndání z krabice a prvnim zapnutí to dělalo nějakou zálohu a pak to ještě otravovalo s vypalovánim nějakejch recovery dvd, ale to bylo před rokem a ani nevim kam to přišlo. Reinstalaci sem se chtěl vyhnout, protože by to dalo hrozně moc práce, překopírovat někam těch cca 200 GB dat co tam sou, formát, instalace, pak znova nainstalovat všechny programy, zkopírovat data zpátky, všechno zase nastavit. Zkusim se ještě někde jinde zeptat na ty chyby s aktualizacema a nedostatkem prostředků. Děkuju za rady.