
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 11
- Registered: 27 Aug 2011 07:06
Log check
Hello, about 4 days ago I bought a new laptop and everything was fine. Once I had installed all the necessary things, the CPU load at idle was 0 - 5 %, and now I don't know what happened, because at idle I have CPU usage at 60% when I'm not doing anything and no application is running in the background ... I'm attaching the log from RSIT.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomas at 2011-08-27 08:10:29
Microsoft Windows 7 Ultimate
System drive C: has 69 GB (69%) free of 100 GB
Total RAM: 4000 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:10:34, on 27. 8. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Users\Tomas\AppData\Local\Temp\winsmbj.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\trend micro\Tomas.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [DataFinder] "C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto
O4 - HKLM\..\Run: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3439894422-2558652369-815483910-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3439894422-2558652369-815483910-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8622 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\WLANExt.exe 28175216
\??\C:\Windows\system32\conhost.exe
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
taskeng.exe {2F639D4B-5042-408E-B7DF-6ACB6A0772CA}
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\SysWOW64\lkcitdl.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
"C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe"
C:\Windows\SysWOW64\nisvcloc.exe -s
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
"C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
"C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe"
"C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
ATKOSD.exe
KBFiltr.exe
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
WDC.exe
"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\TEMP\wqvnu.exe
C:\Users\Tomas\AppData\Local\Temp\winsmbj.exe
"taskhost.exe"
taskhost.exe $(Arg0)
"C:\totalcmd\TOTALCMD.EXE"
"D:\Install\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-01 168216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-01 391960]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-01 419096]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-06-03 2226280]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2011-03-21 361984]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-05 2785064]
"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-05-02 1935120]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2011-05-05 97064]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-03-30 10372368]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2011-03-17 842048]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"=C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [2010-07-09 984400]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"DataFinder"=C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe [2010-06-08 2995296]
"NI Background Service"=C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe [2010-05-27 151552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-05-24 385024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-08-27 08:10:29 ----D---- C:\rsit
2011-08-27 08:10:29 ----D---- C:\Program Files\trend micro
2011-08-26 16:50:50 ----D---- C:\ProgramData\TrackMania
2011-08-26 16:50:34 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-08-26 16:50:34 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-08-26 16:50:34 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-08-26 16:50:34 ----A---- C:\Windows\system32\xinput1_1.dll
2011-08-26 16:50:34 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-08-26 16:50:34 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-08-26 16:50:32 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-08-26 16:50:32 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-08-26 16:50:31 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-08-26 16:50:31 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-08-26 16:50:31 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-08-26 16:50:31 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-08-26 16:50:31 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-08-26 16:50:31 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-08-26 16:50:31 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-08-26 16:50:31 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-08-26 16:50:31 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-08-26 16:50:31 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-08-26 16:50:30 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-08-26 16:50:30 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-08-26 16:50:28 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-08-26 16:50:28 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-08-26 16:50:28 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-08-26 16:50:28 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-08-26 16:48:29 ----D---- C:\Program Files (x86)\TmNationsForever
2011-08-26 16:39:30 ----D---- C:\Program Files (x86)\directx
2011-08-26 16:30:17 ----D---- C:\UT2003
2011-08-26 15:40:06 ----A---- C:\Windows\SYSWOW64\CDINTF400.DLL
2011-08-26 15:38:59 ----D---- C:\Program Files\National Instruments
2011-08-26 15:37:47 ----RSH---- C:\bglrbw.exe
2011-08-26 15:37:29 ----D---- C:\Program Files (x86)\National Instruments
2011-08-26 15:37:04 ----D---- C:\ProgramData\National Instruments
2011-08-26 03:46:30 ----D---- C:\Windows\Panther
2011-08-26 03:45:59 ----D---- C:\Windows\system32\OEM
2011-08-25 20:42:44 ----D---- C:\ProgramData\Solidshield
2011-08-25 20:38:22 ----D---- C:\ProgramData\Electronic Arts
2011-08-25 20:38:22 ----D---- C:\ProgramData\EA Core
2011-08-25 20:26:53 ----D---- C:\Program Files (x86)\Electronic Arts
2011-08-25 20:26:53 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-08-25 20:26:53 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-08-25 20:26:53 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-08-25 20:26:53 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-08-25 20:26:53 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-08-25 20:26:53 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-08-25 20:26:53 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-08-25 20:26:53 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-08-25 20:26:52 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-08-25 20:26:52 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-08-25 20:26:52 ----A---- C:\Windows\system32\xinput1_3.dll
2011-08-25 20:26:52 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-08-25 19:22:15 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-08-25 19:22:12 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2011-08-25 19:21:58 ----D---- C:\Users\Tomas\AppData\Roaming\DAEMON Tools Pro
2011-08-25 19:21:58 ----D---- C:\ProgramData\DAEMON Tools Pro
2011-08-25 19:06:47 ----N---- C:\Windows\system32\MpSigStub.exe
2011-08-25 19:03:57 ----D---- C:\Program Files (x86)\BitTorrent
2011-08-25 18:58:02 ----D---- C:\Users\Tomas\AppData\Roaming\Macromedia
2011-08-25 18:58:02 ----D---- C:\Users\Tomas\AppData\Roaming\Adobe
2011-08-25 18:57:22 ----D---- C:\Program Files (x86)\Google
2011-08-25 18:57:02 ----D---- C:\Windows\SYSWOW64\Macromed
2011-08-25 18:55:06 ----D---- C:\Users\Tomas\AppData\Roaming\GHISLER
2011-08-25 18:55:06 ----D---- C:\totalcmd
2011-08-25 18:55:06 ----A---- C:\Windows\UC.PIF
2011-08-25 18:55:06 ----A---- C:\Windows\RAR.PIF
2011-08-25 18:55:06 ----A---- C:\Windows\PKZIP.PIF
2011-08-25 18:55:06 ----A---- C:\Windows\PKUNZIP.PIF
2011-08-25 18:55:06 ----A---- C:\Windows\NOCLOSE.PIF
2011-08-25 18:55:06 ----A---- C:\Windows\LHA.PIF
2011-08-25 18:55:06 ----A---- C:\Windows\ARJ.PIF
2011-08-25 18:52:22 ----D---- C:\Users\Tomas\AppData\Roaming\Opera
2011-08-25 18:52:19 ----D---- C:\Program Files (x86)\Opera
2011-08-25 18:50:50 ----D---- C:\Users\Tomas\AppData\Roaming\BitTorrent
2011-08-25 18:37:31 ----D---- C:\ProgramData\P4G
2011-08-25 18:37:31 ----D---- C:\Program Files\P4G
2011-08-25 18:37:07 ----A---- C:\Windows\system32\drivers\kbfiltr.sys
2011-08-25 18:28:26 ----D---- C:\ProgramData\Roaming
2011-08-25 18:28:19 ----D---- C:\Users\Tomas\AppData\Roaming\Intel
2011-08-25 18:27:32 ----D---- C:\Program Files\Intel
2011-08-25 18:27:32 ----D---- C:\Program Files (x86)\Cisco
2011-08-25 18:26:39 ----D---- C:\Program Files\Synaptics
2011-08-25 18:26:34 ----A---- C:\Windows\SYSWOW64\SynTPEnhPS.dll
2011-08-25 18:26:34 ----A---- C:\Windows\SYSWOW64\SynTPCOM.dll
2011-08-25 18:26:34 ----A---- C:\Windows\SYSWOW64\SynCtrl.dll
2011-08-25 18:26:34 ----A---- C:\Windows\SYSWOW64\SynCOM.dll
2011-08-25 18:26:34 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2011-08-25 18:26:34 ----A---- C:\Windows\system32\SynTPCo9.dll
2011-08-25 18:26:34 ----A---- C:\Windows\system32\SynTPAPI.dll
2011-08-25 18:26:34 ----A---- C:\Windows\system32\SynCtrl.dll
2011-08-25 18:26:34 ----A---- C:\Windows\system32\drivers\SynTP.sys
2011-08-25 18:24:28 ----D---- C:\Program Files (x86)\ASM104xUSB3
2011-08-25 18:24:06 ----D---- C:\ProgramData\AmUStor
2011-08-25 18:24:02 ----D---- C:\Program Files (x86)\AmIcoSingLun
2011-08-25 18:23:14 ----A---- C:\Windows\system32\drivers\L1C62x64.sys
2011-08-25 18:22:50 ----D---- C:\Program Files (x86)\ASUS
2011-08-25 18:22:40 ----D---- C:\ProgramData\SonicFocus
2011-08-25 18:22:38 ----D---- C:\Windows\SYSWOW64\RTCOM
2011-08-25 18:22:38 ----D---- C:\Program Files\Realtek
2011-08-25 18:22:20 ----A---- C:\Windows\system32\WavesGUILib.dll
2011-08-25 18:22:20 ----A---- C:\Windows\system32\SRSWOW64.dll
2011-08-25 18:22:20 ----A---- C:\Windows\system32\SRSTSX64.dll
2011-08-25 18:22:20 ----A---- C:\Windows\system32\SRSTSH64.dll
2011-08-25 18:22:20 ----A---- C:\Windows\system32\SRSHP64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFSAPO64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFProc64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFNHK64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFHAPO64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFDAPO64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFComm64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFCOM64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFAPO64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2011-08-25 18:22:17 ----A---- C:\Windows\system32\RtkCfg64.dll
2011-08-25 18:22:17 ----A---- C:\Windows\system32\RtkApi64.dll
2011-08-25 18:22:16 ----A---- C:\Windows\system32\RtkAPO64.dll
2011-08-25 18:22:15 ----A---- C:\Windows\system32\RtPgEx64.dll
2011-08-25 18:22:15 ----A---- C:\Windows\system32\RTCOM64.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\RTEEP64A.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\RTEEL64A.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\RTEEG64A.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\RTEED64A.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2011-08-25 18:22:13 ----A---- C:\Windows\system32\RP3DHT64.dll
2011-08-25 18:22:13 ----A---- C:\Windows\system32\RP3DAA64.dll
2011-08-25 18:22:13 ----A---- C:\Windows\system32\RCoRes64.dat
2011-08-25 18:22:13 ----A---- C:\Windows\system32\RCoInst64.dll
2011-08-25 18:22:07 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2011-08-25 18:22:07 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2011-08-25 18:22:01 ----A---- C:\Windows\system32\FMAPO64.dll
2011-08-25 18:22:00 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2011-08-25 18:21:58 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2011-08-25 18:21:58 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2011-08-25 18:21:57 ----D---- C:\Program Files (x86)\Realtek
2011-08-25 18:21:57 ----A---- C:\Windows\system32\AERTAR64.dll
2011-08-25 18:21:57 ----A---- C:\Windows\system32\AERTAC64.dll
2011-08-25 18:21:50 ----HD---- C:\Program Files (x86)\Temp
2011-08-25 18:21:48 ----R---- C:\Windows\RtlExUpd.dll
2011-08-25 18:20:09 ----D---- C:\Windows\SYSWOW64\NV
2011-08-25 18:20:09 ----D---- C:\Windows\system32\NV
2011-08-25 18:17:39 ----D---- C:\ProgramData\NVIDIA
2011-08-25 18:15:47 ----SHD---- C:\Windows\Installer
2011-08-25 18:14:59 ----D---- C:\ProgramData\NVIDIA Corporation
2011-08-25 18:14:57 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-08-25 18:14:51 ----A---- C:\Windows\system32\nvgenco642040.dll
2011-08-25 18:14:51 ----A---- C:\Windows\system32\nvdispco6420120.dll
2011-08-25 18:12:37 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-08-25 18:12:37 ----A---- C:\Windows\system32\OpenCL.dll
2011-08-25 18:12:36 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-08-25 18:12:36 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2011-08-25 18:12:36 ----A---- C:\Windows\SYSWOW64\nvoptimusmft.dll
2011-08-25 18:12:36 ----A---- C:\Windows\system32\nvwgf2umx.dll
2011-08-25 18:12:36 ----A---- C:\Windows\system32\nvumdshimx.dll
2011-08-25 18:12:36 ----A---- C:\Windows\system32\nvoptimusmft.dll
2011-08-25 18:12:36 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2011-08-25 18:12:34 ----A---- C:\Windows\system32\nvoglv64.dll
2011-08-25 18:12:32 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-08-25 18:12:31 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2011-08-25 18:12:31 ----A---- C:\Windows\system32\nvinitx.dll
2011-08-25 18:12:31 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-08-25 18:12:30 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2011-08-25 18:12:30 ----A---- C:\Windows\system32\nvdecodemft.dll
2011-08-25 18:12:29 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-08-25 18:12:27 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-08-25 18:12:27 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-08-25 18:12:26 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-08-25 18:12:26 ----A---- C:\Windows\system32\nvcuvid.dll
2011-08-25 18:12:26 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-08-25 18:12:25 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-08-25 18:12:24 ----A---- C:\Windows\system32\nvcuda.dll
2011-08-25 18:12:10 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-08-25 18:12:08 ----A---- C:\Windows\system32\nvcompiler.dll
2011-08-25 18:12:08 ----A---- C:\Windows\system32\nvapi64.dll
2011-08-25 18:12:07 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-08-25 18:10:28 ----D---- C:\NvidiaLogs
2011-08-25 18:09:03 ----D---- C:\Program Files\NVIDIA Corporation
2011-08-25 18:09:01 ----D---- C:\ProgramData\Intel
2011-08-25 18:07:36 ----D---- C:\Program Files\Common Files\Intel
2011-08-25 18:07:17 ----A---- C:\Windows\SYSWOW64\igfxexps32.dll
2011-08-25 18:07:17 ----A---- C:\Windows\SYSWOW64\igfxcmrt32.dll
2011-08-25 18:07:17 ----A---- C:\Windows\system32\igfxtray.exe
2011-08-25 18:07:17 ----A---- C:\Windows\system32\igfxdo.dll
2011-08-25 18:07:17 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2011-08-25 18:07:17 ----A---- C:\Windows\system32\igfxcmrt64.dll
2011-08-25 18:07:17 ----A---- C:\Windows\system32\hkcmd.exe
2011-08-25 18:07:17 ----A---- C:\Windows\system32\GfxUI.exe
2011-08-25 18:07:17 ----A---- C:\Windows\system32\difx64.exe
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\iglhsip32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\iglhcp32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\igfxdv32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\igdumdx32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\igdumd32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\igd10umd32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\ig4icd32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\iglhsip64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\iglhcp64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxTMM.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxsrvc.exe
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxsrvc.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxress.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxpph.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxpers.exe
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxext.exe
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxexps.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxdev.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxCoIn_v2405.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igdumd64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igd10umd64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\ig4icd64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\IccLibDll_x64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\hccutils.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\gfxSrvc.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\drivers\igdkmd64.sys
2011-08-25 18:04:42 ----A---- C:\Windows\SYSWOW64\drivers\IntelMEFWVer.dll
2011-08-25 18:04:42 ----A---- C:\Windows\system32\drivers\IntelMEFWVer.dll
2011-08-25 18:04:40 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-25 18:04:32 ----A---- C:\Windows\system32\drivers\HECIx64.sys
2011-08-25 18:04:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-25 18:04:30 ----D---- C:\Users\Tomas\AppData\Roaming\InstallShield
2011-08-25 18:01:19 ----RA---- C:\Windows\SYSWOW64\CSVer.dll
2011-08-25 18:01:18 ----D---- C:\Program Files (x86)\Intel
2011-08-25 18:00:56 ----D---- C:\Intel
2011-08-25 17:56:37 ----D---- C:\Users\Tomas\AppData\Roaming\Identities
2011-08-25 17:56:17 ----SD---- C:\Users\Tomas\AppData\Roaming\Microsoft
2011-08-25 17:56:17 ----D---- C:\Users\Tomas\AppData\Roaming\Media Center Programs
2011-08-25 17:53:39 ----SHD---- C:\Recovery
2011-08-25 17:50:41 ----D---- C:\Windows\SoftwareDistribution
2011-08-25 17:48:01 ----D---- C:\Windows\Prefetch
2011-08-25 17:47:39 ----ASH---- C:\pagefile.sys
2011-08-25 17:47:37 ----SHD---- C:\System Volume Information
2011-08-25 17:47:37 ----ASH---- C:\hiberfil.sys
======List of files/folders modified in the last 1 month======
2011-08-27 08:10:29 ----RD---- C:\Program Files
2011-08-27 08:10:27 ----D---- C:\Windows\Temp
2011-08-27 07:47:18 ----D---- C:\Windows\System32
2011-08-27 07:47:18 ----D---- C:\Windows\inf
2011-08-27 07:47:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-27 07:43:07 ----D---- C:\Windows\system32\Tasks
2011-08-26 19:37:40 ----SD---- C:\ProgramData\Microsoft
2011-08-26 19:37:40 ----D---- C:\Windows\system32\drivers
2011-08-26 19:37:39 ----D---- C:\Windows\system32\drivers\UMDF
2011-08-26 19:18:58 ----D---- C:\Windows\system32\wdi
2011-08-26 16:50:50 ----HD---- C:\ProgramData
2011-08-26 16:50:34 ----RSD---- C:\Windows\assembly
2011-08-26 16:50:34 ----D---- C:\Windows\SysWOW64
2011-08-26 16:50:32 ----D---- C:\Windows\Microsoft.NET
2011-08-26 16:48:29 ----RD---- C:\Program Files (x86)
2011-08-26 15:49:16 ----D---- C:\Windows\system32\config
2011-08-26 15:39:11 ----D---- C:\Windows\winsxs
2011-08-26 15:39:09 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-26 15:38:46 ----D---- C:\Program Files (x86)\Common Files
2011-08-26 15:37:04 ----A---- C:\Windows\system.ini
2011-08-26 14:47:43 ----D---- C:\Windows\rescache
2011-08-26 14:41:49 ----D---- C:\Windows\Logs
2011-08-26 13:58:47 ----D---- C:\Windows
2011-08-25 20:25:24 ----D---- C:\Windows\system32\catroot
2011-08-25 20:25:23 ----D---- C:\Windows\system32\DriverStore
2011-08-25 19:15:43 ----D---- C:\Windows\system32\LogFiles
2011-08-25 19:02:20 ----D---- C:\Windows\Tasks
2011-08-25 18:47:12 ----D---- C:\Windows\system32\catroot2
2011-08-25 18:44:58 ----D---- C:\Windows\system32\CodeIntegrity
2011-08-25 18:23:33 ----D---- C:\Windows\system32\restore
2011-08-25 18:18:48 ----RD---- C:\Users
2011-08-25 18:16:04 ----D---- C:\Windows\Help
2011-08-25 18:07:36 ----D---- C:\Program Files\Common Files
2011-08-25 18:04:42 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-25 17:56:34 ----SHD---- C:\$Recycle.Bin
2011-08-25 17:54:18 ----D---- C:\Windows\Setup
2011-08-25 17:53:30 ----D---- C:\Windows\debug
2011-08-25 17:51:03 ----D---- C:\Windows\system32\sysprep
2011-08-25 17:48:27 ----D---- C:\Windows\CSC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-04-26 557848]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-06-09 25960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-25 272448]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-05-24 12259712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-21 2901224]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-05-05 1439792]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2009-09-29 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2010-03-10 43056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2010-03-10 53808]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2010-03-10 428080]
R2 niSvcLoc;NI Service Locator; C:\Windows\SysWOW64\nisvcloc.exe [2009-10-20 13896]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-05-27 1007208]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-27 1997416]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-27 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2009-09-18 1085440]
-----------------EOF-----------------
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFCOM64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\SFAPO64.dll
2011-08-25 18:22:19 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2011-08-25 18:22:17 ----A---- C:\Windows\system32\RtkCfg64.dll
2011-08-25 18:22:17 ----A---- C:\Windows\system32\RtkApi64.dll
2011-08-25 18:22:16 ----A---- C:\Windows\system32\RtkAPO64.dll
2011-08-25 18:22:15 ----A---- C:\Windows\system32\RtPgEx64.dll
2011-08-25 18:22:15 ----A---- C:\Windows\system32\RTCOM64.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\RTEEP64A.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\RTEEL64A.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\RTEEG64A.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\RTEED64A.dll
2011-08-25 18:22:14 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2011-08-25 18:22:13 ----A---- C:\Windows\system32\RP3DHT64.dll
2011-08-25 18:22:13 ----A---- C:\Windows\system32\RP3DAA64.dll
2011-08-25 18:22:13 ----A---- C:\Windows\system32\RCoRes64.dat
2011-08-25 18:22:13 ----A---- C:\Windows\system32\RCoInst64.dll
2011-08-25 18:22:07 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2011-08-25 18:22:07 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2011-08-25 18:22:01 ----A---- C:\Windows\system32\FMAPO64.dll
2011-08-25 18:22:00 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2011-08-25 18:21:59 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2011-08-25 18:21:58 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2011-08-25 18:21:58 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2011-08-25 18:21:57 ----D---- C:\Program Files (x86)\Realtek
2011-08-25 18:21:57 ----A---- C:\Windows\system32\AERTAR64.dll
2011-08-25 18:21:57 ----A---- C:\Windows\system32\AERTAC64.dll
2011-08-25 18:21:50 ----HD---- C:\Program Files (x86)\Temp
2011-08-25 18:21:48 ----R---- C:\Windows\RtlExUpd.dll
2011-08-25 18:20:09 ----D---- C:\Windows\SYSWOW64\NV
2011-08-25 18:20:09 ----D---- C:\Windows\system32\NV
2011-08-25 18:17:39 ----D---- C:\ProgramData\NVIDIA
2011-08-25 18:15:47 ----SHD---- C:\Windows\Installer
2011-08-25 18:14:59 ----D---- C:\ProgramData\NVIDIA Corporation
2011-08-25 18:14:57 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-08-25 18:14:51 ----A---- C:\Windows\system32\nvgenco642040.dll
2011-08-25 18:14:51 ----A---- C:\Windows\system32\nvdispco6420120.dll
2011-08-25 18:12:37 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-08-25 18:12:37 ----A---- C:\Windows\system32\OpenCL.dll
2011-08-25 18:12:36 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-08-25 18:12:36 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2011-08-25 18:12:36 ----A---- C:\Windows\SYSWOW64\nvoptimusmft.dll
2011-08-25 18:12:36 ----A---- C:\Windows\system32\nvwgf2umx.dll
2011-08-25 18:12:36 ----A---- C:\Windows\system32\nvumdshimx.dll
2011-08-25 18:12:36 ----A---- C:\Windows\system32\nvoptimusmft.dll
2011-08-25 18:12:36 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2011-08-25 18:12:34 ----A---- C:\Windows\system32\nvoglv64.dll
2011-08-25 18:12:32 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-08-25 18:12:31 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2011-08-25 18:12:31 ----A---- C:\Windows\system32\nvinitx.dll
2011-08-25 18:12:31 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-08-25 18:12:30 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2011-08-25 18:12:30 ----A---- C:\Windows\system32\nvdecodemft.dll
2011-08-25 18:12:29 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-08-25 18:12:27 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-08-25 18:12:27 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-08-25 18:12:26 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-08-25 18:12:26 ----A---- C:\Windows\system32\nvcuvid.dll
2011-08-25 18:12:26 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-08-25 18:12:25 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-08-25 18:12:24 ----A---- C:\Windows\system32\nvcuda.dll
2011-08-25 18:12:10 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-08-25 18:12:08 ----A---- C:\Windows\system32\nvcompiler.dll
2011-08-25 18:12:08 ----A---- C:\Windows\system32\nvapi64.dll
2011-08-25 18:12:07 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-08-25 18:10:28 ----D---- C:\NvidiaLogs
2011-08-25 18:09:03 ----D---- C:\Program Files\NVIDIA Corporation
2011-08-25 18:09:01 ----D---- C:\ProgramData\Intel
2011-08-25 18:07:36 ----D---- C:\Program Files\Common Files\Intel
2011-08-25 18:07:17 ----A---- C:\Windows\SYSWOW64\igfxexps32.dll
2011-08-25 18:07:17 ----A---- C:\Windows\SYSWOW64\igfxcmrt32.dll
2011-08-25 18:07:17 ----A---- C:\Windows\system32\igfxtray.exe
2011-08-25 18:07:17 ----A---- C:\Windows\system32\igfxdo.dll
2011-08-25 18:07:17 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2011-08-25 18:07:17 ----A---- C:\Windows\system32\igfxcmrt64.dll
2011-08-25 18:07:17 ----A---- C:\Windows\system32\hkcmd.exe
2011-08-25 18:07:17 ----A---- C:\Windows\system32\GfxUI.exe
2011-08-25 18:07:17 ----A---- C:\Windows\system32\difx64.exe
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\iglhsip32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\iglhcp32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\igfxdv32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\igdumdx32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\igdumd32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\igd10umd32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\SYSWOW64\ig4icd32.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\iglhsip64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\iglhcp64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxTMM.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxsrvc.exe
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxsrvc.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxress.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxpph.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxpers.exe
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxext.exe
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxexps.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxdev.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igfxCoIn_v2405.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igdumd64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\igd10umd64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\ig4icd64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\IccLibDll_x64.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\hccutils.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\gfxSrvc.dll
2011-08-25 18:07:16 ----A---- C:\Windows\system32\drivers\igdkmd64.sys
2011-08-25 18:04:42 ----A---- C:\Windows\SYSWOW64\drivers\IntelMEFWVer.dll
2011-08-25 18:04:42 ----A---- C:\Windows\system32\drivers\IntelMEFWVer.dll
2011-08-25 18:04:40 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-25 18:04:32 ----A---- C:\Windows\system32\drivers\HECIx64.sys
2011-08-25 18:04:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-25 18:04:30 ----D---- C:\Users\Tomas\AppData\Roaming\InstallShield
2011-08-25 18:01:19 ----RA---- C:\Windows\SYSWOW64\CSVer.dll
2011-08-25 18:01:18 ----D---- C:\Program Files (x86)\Intel
2011-08-25 18:00:56 ----D---- C:\Intel
2011-08-25 17:56:37 ----D---- C:\Users\Tomas\AppData\Roaming\Identities
2011-08-25 17:56:17 ----SD---- C:\Users\Tomas\AppData\Roaming\Microsoft
2011-08-25 17:56:17 ----D---- C:\Users\Tomas\AppData\Roaming\Media Center Programs
2011-08-25 17:53:39 ----SHD---- C:\Recovery
2011-08-25 17:50:41 ----D---- C:\Windows\SoftwareDistribution
2011-08-25 17:48:01 ----D---- C:\Windows\Prefetch
2011-08-25 17:47:39 ----ASH---- C:\pagefile.sys
2011-08-25 17:47:37 ----SHD---- C:\System Volume Information
2011-08-25 17:47:37 ----ASH---- C:\hiberfil.sys
======List of files/folders modified in the last 1 month======
2011-08-27 08:10:29 ----RD---- C:\Program Files
2011-08-27 08:10:27 ----D---- C:\Windows\Temp
2011-08-27 07:47:18 ----D---- C:\Windows\System32
2011-08-27 07:47:18 ----D---- C:\Windows\inf
2011-08-27 07:47:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-27 07:43:07 ----D---- C:\Windows\system32\Tasks
2011-08-26 19:37:40 ----SD---- C:\ProgramData\Microsoft
2011-08-26 19:37:40 ----D---- C:\Windows\system32\drivers
2011-08-26 19:37:39 ----D---- C:\Windows\system32\drivers\UMDF
2011-08-26 19:18:58 ----D---- C:\Windows\system32\wdi
2011-08-26 16:50:50 ----HD---- C:\ProgramData
2011-08-26 16:50:34 ----RSD---- C:\Windows\assembly
2011-08-26 16:50:34 ----D---- C:\Windows\SysWOW64
2011-08-26 16:50:32 ----D---- C:\Windows\Microsoft.NET
2011-08-26 16:48:29 ----RD---- C:\Program Files (x86)
2011-08-26 15:49:16 ----D---- C:\Windows\system32\config
2011-08-26 15:39:11 ----D---- C:\Windows\winsxs
2011-08-26 15:39:09 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-26 15:38:46 ----D---- C:\Program Files (x86)\Common Files
2011-08-26 15:37:04 ----A---- C:\Windows\system.ini
2011-08-26 14:47:43 ----D---- C:\Windows\rescache
2011-08-26 14:41:49 ----D---- C:\Windows\Logs
2011-08-26 13:58:47 ----D---- C:\Windows
2011-08-25 20:25:24 ----D---- C:\Windows\system32\catroot
2011-08-25 20:25:23 ----D---- C:\Windows\system32\DriverStore
2011-08-25 19:15:43 ----D---- C:\Windows\system32\LogFiles
2011-08-25 19:02:20 ----D---- C:\Windows\Tasks
2011-08-25 18:47:12 ----D---- C:\Windows\system32\catroot2
2011-08-25 18:44:58 ----D---- C:\Windows\system32\CodeIntegrity
2011-08-25 18:23:33 ----D---- C:\Windows\system32\restore
2011-08-25 18:18:48 ----RD---- C:\Users
2011-08-25 18:16:04 ----D---- C:\Windows\Help
2011-08-25 18:07:36 ----D---- C:\Program Files\Common Files
2011-08-25 18:04:42 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-25 17:56:34 ----SHD---- C:\$Recycle.Bin
2011-08-25 17:54:18 ----D---- C:\Windows\Setup
2011-08-25 17:53:30 ----D---- C:\Windows\debug
2011-08-25 17:51:03 ----D---- C:\Windows\system32\sysprep
2011-08-25 17:48:27 ----D---- C:\Windows\CSC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-04-26 557848]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-06-09 25960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-25 272448]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-05-24 12259712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-21 2901224]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-05-05 1439792]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2009-09-29 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2010-03-10 43056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2010-03-10 53808]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2010-03-10 428080]
R2 niSvcLoc;NI Service Locator; C:\Windows\SysWOW64\nisvcloc.exe [2009-10-20 13896]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-05-27 1007208]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-27 1997416]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-27 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2009-09-18 1085440]
-----------------EOF-----------------
Re: Log check
Hi,
please test these files:
C:\Windows\TEMP\wqvnu.exe
C:\Users\Tomas\AppData\Local\Temp\winsmbj.exe
using the web service http://www.virustotal.com/ and let me know the results.

translator of MBAM, OTL.
-
- Visitor
- Posts: 11
- Registered: 27 Aug 2011 07:06
Re: Log check
Hmm, for both of those files it reported that, according to 41 of 44 antivirus programs, it is a virus or trojan.
Re: Log check
Post the links to the results, so I know exactly what kind of malware it is.
After downloading the file http://www.randomsdomain.co.uk/download ... RFTx64.exe, run it and copy the following text, marked in bold, into the text box:
[processes]
C:\Windows\TEMP\wqvnu.exe
C:\Users\Tomas\AppData\Local\Temp\winsmbj.exe
[files]
C:\Windows\TEMP\wqvnu.exe
C:\Users\Tomas\AppData\Local\Temp\winsmbj.exe
Click Run Fix! After a moment the resulting report will appear; copy it here for me.
Note: first I'll try deleting without the "aggressive" methods, as the tool's author called them.

translator of MBAM, OTL.
-
- Visitor
- Posts: 11
- Registered: 27 Aug 2011 07:06
Re: Log check
Wait, but how did you want to see the results from virustotal?
I downloaded the tool, pasted in what you gave me, and clicked Run Fix; I had neither aggressive nor very aggressive checked, and nothing happened, no log came up and the tool closed.
Re: Log check
As for virustotal, it's too late now. I'll test them myself later.
Check whether C:\RFT\log.txt has been created. If so, open it and then copy it here.

translator of MBAM, OTL.
-
- Visitor
- Posts: 11
- Registered: 27 Aug 2011 07:06
Re: Log check
Hmm, looks like it deleted them.
Running Fix 2011-08-27 09:45:47
Created system restore point
Creating ERUNT Registry backup
Deleting File c:\windows\temp\wqvnu.exe
Deleting File c:\users\tomas\appdata\local\temp\winsmbj.exe
Re: Log check
Zip the whole backups folder in C:\RFT\ and upload it somewhere for me.
Look in Task Manager to see whether CPU usage has dropped.
After downloading, run http://download.bleepingcomputer.com/sUBs/Beta/dds.exe
Tick the Scan - Attach.txt checkbox and click Start; two logs will open, and I'd like to see both.

translator of MBAM, OTL.
-
- Visitor
- Posts: 11
- Registered: 27 Aug 2011 07:06
Re: Log check
So CPU usage is the same, no difference.
Here is the backup folder: http://www.megaupload.com/?d=C4FCV8QB
And the logs:
DDS (Ver_2011-08-26.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Tomas at 10:32:54 on 2011-08-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4000.2684 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\SysWOW64\nisvcloc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Opera\opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [DataFinder] "C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto
mRun: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.3.20
TCP: Interfaces\{0F6A7429-14FC-46FB-B3E8-4526801070A5} : DHCPNameServer = 192.168.3.20
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-8-25 25960]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-8-25 272448]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-25 1997416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-27 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-25 2655768]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-25 76912]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-8-25 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-5-1 8593920]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
.
=============== Created Last 30 ================
.
2011-08-27 07:45:47 -------- d-----w- C:\RFT
2011-08-27 06:10:29 -------- d-----w- C:\Program Files\trend micro
2011-08-26 17:30:56 -------- d-----w- C:\Users\Tomas\AppData\Local\National Instruments
2011-08-26 14:48:29 -------- d-----w- C:\Program Files (x86)\TmNationsForever
2011-08-26 14:40:21 -------- d-----w- C:\Users\Tomas\AppData\Local\GHISLER
2011-08-26 14:39:30 -------- d-----w- C:\Program Files (x86)\directx
2011-08-26 14:30:17 -------- d-----w- C:\UT2003
2011-08-26 13:40:06 4218880 ----a-w- C:\Windows\SysWow64\CDINTF400.DLL
2011-08-26 13:38:59 -------- d-----w- C:\Program Files\National Instruments
2011-08-26 13:38:46 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2011-08-26 13:37:47 103140 --sh--r- C:\bglrbw.exe
2011-08-26 13:37:29 -------- d-----w- C:\Program Files (x86)\National Instruments
2011-08-26 13:37:04 -------- d-----w- C:\ProgramData\National Instruments
2011-08-26 01:46:30 -------- d-----w- C:\Windows\Panther
2011-08-26 01:45:59 -------- d-----w- C:\Windows\System32\OEM
2011-08-25 18:42:44 -------- d-----w- C:\ProgramData\Solidshield
2011-08-25 18:38:22 -------- d-----w- C:\ProgramData\Electronic Arts
2011-08-25 18:38:22 -------- d-----w- C:\ProgramData\EA Core
2011-08-25 17:22:15 272448 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-08-25 17:22:12 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2011-08-25 17:21:58 -------- d-----w- C:\Users\Tomas\AppData\Roaming\DAEMON Tools Pro
2011-08-25 17:21:58 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2011-08-25 17:06:49 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D94F9BA7-8748-4789-837A-0152A5AF5ACA}\mpengine.dll
2011-08-25 17:06:47 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-08-25 17:03:57 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-08-25 16:57:25 -------- d-----w- C:\Users\Tomas\AppData\Local\Google
2011-08-25 16:57:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-25 16:55:06 545 ----a-w- C:\Windows\UC.PIF
2011-08-25 16:55:06 545 ----a-w- C:\Windows\RAR.PIF
2011-08-25 16:55:06 545 ----a-w- C:\Windows\PKZIP.PIF
2011-08-25 16:55:06 545 ----a-w- C:\Windows\PKUNZIP.PIF
2011-08-25 16:55:06 545 ----a-w- C:\Windows\NOCLOSE.PIF
2011-08-25 16:55:06 545 ----a-w- C:\Windows\LHA.PIF
2011-08-25 16:55:06 545 ----a-w- C:\Windows\ARJ.PIF
2011-08-25 16:55:06 -------- d-----w- C:\Users\Tomas\AppData\Roaming\GHISLER
2011-08-25 16:55:06 -------- d-----w- C:\totalcmd
2011-08-25 16:52:22 -------- d-----w- C:\Users\Tomas\AppData\Local\Opera
2011-08-25 16:50:50 -------- d-----w- C:\Users\Tomas\AppData\Roaming\BitTorrent
2011-08-25 16:37:33 196224 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2011-08-25 16:37:31 -------- d-----w- C:\ProgramData\P4G
2011-08-25 16:37:31 -------- d-----w- C:\Program Files\P4G
2011-08-25 16:37:07 15416 ----a-w- C:\Windows\System32\drivers\kbfiltr.sys
2011-08-25 16:28:26 -------- d-----w- C:\Users\Tomas\Roaming
2011-08-25 16:28:26 -------- d-----w- C:\ProgramData\Roaming
2011-08-25 16:28:19 -------- d-----w- C:\Users\Tomas\AppData\Roaming\Intel
2011-08-25 16:27:32 -------- d-----w- C:\Program Files (x86)\Cisco
2011-08-25 16:26:39 -------- d-----w- C:\Program Files\Synaptics
2011-08-25 16:26:34 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
2011-08-25 16:26:34 276264 ----a-w- C:\Windows\System32\SynCtrl.dll
2011-08-25 16:26:34 226088 ----a-w- C:\Windows\System32\SynTPAPI.dll
2011-08-25 16:26:34 222504 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2011-08-25 16:26:34 177448 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2011-08-25 16:26:34 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-08-25 16:26:34 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll
2011-08-25 16:26:34 1439792 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2011-08-25 16:26:34 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2011-08-25 16:24:28 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2011-08-25 16:24:06 -------- d-----w- C:\ProgramData\AmUStor
2011-08-25 16:24:02 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun
2011-08-25 16:23:14 76912 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2011-08-25 16:21:59 491112 ----a-w- C:\Windows\System32\DTSNeoPCDLL64.dll
2011-08-25 16:20:09 -------- d-----w- C:\Windows\SysWow64\NV
2011-08-25 16:20:09 -------- d-----w- C:\Windows\System32\NV
2011-08-25 16:15:47 -------- d-sh--w- C:\Windows\Installer
2011-08-25 16:14:59 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-08-25 16:14:57 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-08-25 16:14:51 1617512 ----a-w- C:\Windows\System32\nvdispco6420120.dll
2011-08-25 16:14:51 1359976 ----a-w- C:\Windows\System32\nvgenco642040.dll
2011-08-25 16:10:28 -------- d-----w- C:\NvidiaLogs
2011-08-25 16:09:03 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-08-25 16:04:42 8192 ----a-w- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
2011-08-25 16:04:42 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2011-08-25 16:04:39 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2011-08-25 16:04:32 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2011-08-25 16:01:19 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2011-08-25 16:00:56 -------- d-----w- C:\Intel
2011-08-25 15:53:39 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2011-06-21 10:30:38 2901224 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-06-21 08:58:00 1698408 ------r- C:\Windows\RtlExUpd.dll
2011-06-21 05:59:26 1483264 ----a-w- C:\Windows\System32\RCoRes64.dat
2011-06-17 10:14:30 92264 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-06-16 01:45:00 2415720 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-06-16 01:44:58 3115112 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-06-13 11:04:16 1560680 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2011-06-03 06:11:36 1805928 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-06-02 08:32:50 401896 ----a-w- C:\Windows\System32\drivers\asmtxhci.sys
2011-06-02 08:32:50 128488 ----a-w- C:\Windows\System32\drivers\asmthub3.sys
2011-06-01 21:32:16 168216 ----a-w- C:\Windows\System32\igfxtray.exe
2011-06-01 21:32:12 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe
2011-06-01 21:32:10 419096 ----a-w- C:\Windows\System32\igfxpers.exe
2011-06-01 21:32:04 239384 ----a-w- C:\Windows\System32\igfxext.exe
2011-06-01 21:31:58 391960 ----a-w- C:\Windows\System32\hkcmd.exe
2011-06-01 21:31:56 4370712 ----a-w- C:\Windows\System32\GfxUI.exe
2011-06-01 21:31:54 179992 ----a-w- C:\Windows\System32\difx64.exe
2011-05-31 01:42:06 728680 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll
2011-05-31 01:42:06 693352 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll
2011-05-31 01:42:06 432744 ----a-w- C:\Windows\System32\DTSLimiterDLL64.dll
2011-05-31 01:42:06 428648 ----a-w- C:\Windows\System32\DTSGainCompensatorDLL64.dll
2011-05-31 01:42:06 242792 ----a-w- C:\Windows\System32\DTSLFXAPO64.dll
2011-05-31 01:42:06 242792 ----a-w- C:\Windows\System32\DTSGFXAPO64.dll
2011-05-31 01:42:06 1756264 ----a-w- C:\Windows\System32\DTSS2SpeakerDLL64.dll
2011-05-31 01:42:06 1568360 ----a-w- C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2011-05-31 01:42:06 1486952 ----a-w- C:\Windows\System32\DTSBoostDLL64.dll
.
============= FINISH: 10:33:17,41 ===============
and from the attachment
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 25. 8. 2011 17:54:19
System Uptime: 27. 8. 2011 10:30:20 (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N55SF
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 67,403 GiB free.
D: is FIXED (NTFS) - 368 GiB total, 204,916 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 25. 8. 2011 18:23:33 - Installed Alcor Micro USB Card Reader
RP2: 25. 8. 2011 19:06:33 - Windows Update
RP3: 25. 8. 2011 20:25:16 - Inštalácia balíka ovládačov zariadenia: DT Soft Ltd Systémové zariadenia
RP4: 25. 8. 2011 20:26:40 - Installed ProductName from default.wxl
RP5: 26. 8. 2011 16:50:09 - Installed DirectX
RP6: 27. 8. 2011 9:45:48 - RFTRestore
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Alcor Micro USB Card Reader
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS Power4Gear Hybrid
ATK Package
BitTorrent
Crysis® 2
DAEMON Tools Pro
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) PROSet/Wireless WiFi Software
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
National Instruments Software
NI .NET Framework 3.5 SP1
NI AOP5 DataPlugin 1.8.0
NI Audio DataPlugin 1.1.0
NI DataFinder Client 2.2
NI DataFinder Desktop 2.2
NI DIAdem 2010
NI DIAdem 2010 (Core)
NI DIAdem 2010 Documentation (TDM)
NI EULA Depot
NI Help Assistant
NI Help Assistant (64bit)
NI LabVIEW 2009 SP1 Run-Time Engine Web Services
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009 SP1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Web Server for Run-Time Engine
NI License Manager
NI Logos 5.1.3
NI Logos XT Support
NI Logos64 5.1.3
NI Logos64 XT Support
NI Math Kernel Libraries
NI Math Kernel Libraries (64-bit)
NI MDF Support
NI MetaSuite Installer
NI Service Locator
NI TDM Excel Add-In 3.2
NI TDMS
NI TDMS (64-bit)
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI Update Service
NI Update Service Full
NI USI 1.8.0
NI USI 1.8.0 64-Bit
NI VC2005MSMs x64
NI VC2005MSMs x86
NI VC2008MSMs x64
NI VC2008MSMs x86
NVIDIA Grafický ovládač 268.74
NVIDIA Install Application
NVIDIA Optimus 1.0.23
NVIDIA Ovládač 3D Vision 268.74
NVIDIA Ovládač zvuku HD 1.2.22.1
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
Opera 11.50
Ovládací panel NVIDIA 268.74
Realtek High Definition Audio Driver
SonicMaster
Synaptics Pointing Device Driver
TmNationsForever
Total Commander (Remove or Repair)
Unreal Tournament 2003
.
==== Event Viewer Messages From Past Week ========
.
25. 8. 2011 18:36:05, Error: Service Control Manager [7034] - Služba Bluetooth OBEX Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
25. 8. 2011 18:07:57, Error: Service Control Manager [7023] - Služba Windows Defender bola ukončená s nasledujúcou chybou: %%-2147024882
.
==== End Of File ===========================
Re: Log check
Well, I knew why I wanted a sample together with a new log: I couldn't see the registry entry it launches from. You've got your computer into a real mess - Sality
.
Test these on virustotal.com
C:\Windows\System32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
Let me ask right away: do you have enough time for an attempt at taking the pest out? Sality is a polymorphic file-infecting virus... each variant is differently aggressive, and I don't yet know which one you have or how deeply it has dug into the system.
Shall we continue with the removal?


Translator of MBAM, OTL.
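A triage pass over DDS "Created Last 30" lines like the ones posted in this thread, as an added example (not part of the thread, and not how DDS or ComboFix work internally): it flags executable files that carry hidden+system attributes or sit directly in a drive root. The attribute-column layout is inferred from the log lines on this page, and the two rules and the extension list are illustrative assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Constructed sample: six lines in the format of the "Created Last 30" section.
SAMPLE = r"""
2011-08-26 13:40:06 4218880 ----a-w- C:\Windows\SysWow64\CDINTF400.DLL
2011-08-26 13:38:59 -------- d-----w- C:\Program Files\National Instruments
2011-08-26 13:37:47 103140 --sh--r- C:\bglrbw.exe
2011-08-25 16:55:06 545 ----a-w- C:\Windows\RAR.PIF
2011-08-25 16:15:47 -------- d-sh--w- C:\Windows\Installer
2011-08-25 15:53:39 -------- d-sh--w- C:\Recovery
"""

# date, time, size (or eight dashes for a directory), 8-char attribute field, path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>[A-Za-z]:\\.*)$"
)

# Assumption: extensions treated as directly launchable for this heuristic.
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


@dataclass
class Entry:
    created: str
    size: Optional[int]
    attrs: str
    path: PureWindowsPath

    # Assumption inferred from the log: 'd' = directory, 's' = system, 'h' = hidden.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs

    @property
    def in_drive_root(self) -> bool:
        return self.path.parent == PureWindowsPath(self.path.anchor)


def parse_line(raw: str) -> Optional[Entry]:
    """Parse one listing line; return None for separators and headers."""
    m = LINE_RE.match(raw.strip())
    if m is None:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(f'{m["date"]} {m["time"]}', size, m["attrs"],
                 PureWindowsPath(m["path"]))


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for executable files that match a rule."""
    findings = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None or entry.is_dir:
            continue  # directories such as C:\Recovery are normally hidden+system
        if entry.path.suffix.lower() not in EXEC_EXT:
            continue
        reasons = []
        if entry.hidden_system:
            reasons.append("hidden+system attributes")
        if entry.in_drive_root:
            reasons.append("located in a drive root")
        if reasons:
            findings.append((str(entry.path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```

On the sample, only `C:\bglrbw.exe` is reported; the 545-byte `.PIF` file in `C:\Windows` and the hidden+system directories pass without a finding. A hit is a reason to submit the file to a scanner, not a verdict.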
-
- Visitor
- Posts: 11
- Registered: 27 Aug 2011 07:06
Re: Log check
so that svchost has a detection ratio of 1/44
I couldn't find spoolsv in windows/system32, even after I set hidden and system files to be shown
and explorer has a detection ratio of 0/44
hmm, I don't know, wouldn't it be simpler to reinstall Windows? I'm also wondering how I could have caught it, could it be via a USB stick?
Re: Kontrola logu
Crack/keygen - email - usb - externi hdd - stranky s ilegálním obahem/ale i legálním.
Vytvoř textový soubor mající obsah
KillAll::
ClearJavaCache::
StepDell::
SysRst::
The colons after SysRst:: must be there.
Save it as CFScript.txt
Download http://download.bleepingcomputer.com/sUBs/ComboFix.exe straight to the root of drive C. Grab the CFScript file with the mouse and drag it over the ComboFix icon. Once they overlap, release. CF will install; when it finishes, confirm CF's dialog prompts (let it install the console). When it is done a text file will open; copy its report here. Then download and install an antivirus and have it scan the PC. You may have more nasties, and also infected pictures/documents and the like. And think about where the source is, so that you don't activate it again; otherwise you'd be reinstalling over and over.

Translator of MBAM, OTL.
-
- Visitor
- Posts: 11
- Registered: 27 Aug 2011 07:06
Re: Log check
ComboFix 11-08-27.01 - Tomas . 08. 2011 11:29:53.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4000.2622 [GMT 2:00]
Running from: c:\users\Tomas\Desktop\ComboFix.exe
Command switches used :: c:\users\Tomas\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\bglrbw.exe
c:\programdata\Roaming
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-27 to 2011-08-27 )))))))))))))))))))))))))))))))
.
.
2011-08-27 09:33 . 2011-08-27 09:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-27 07:45 . 2011-08-27 08:17 -------- d-----w- C:\RFT
2011-08-27 06:10 . 2011-08-27 06:10 -------- d-----w- C:\rsit
2011-08-27 06:10 . 2011-08-27 06:10 -------- d-----w- c:\program files\trend micro
2011-08-26 14:39 . 2011-08-26 14:39 -------- d-----w- c:\program files (x86)\directx
2011-08-26 14:30 . 2011-08-26 14:35 -------- d-----w- C:\UT2003
2011-08-26 13:40 . 2010-05-26 00:26 4218880 ----a-w- c:\windows\SysWow64\CDINTF400.DLL
2011-08-26 13:38 . 2011-08-26 13:38 -------- d-----w- c:\program files\National Instruments
2011-08-26 13:38 . 2011-08-26 13:39 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2011-08-26 13:37 . 2011-08-26 13:39 -------- d-----w- c:\program files (x86)\National Instruments
2011-08-26 13:37 . 2011-08-26 17:30 -------- d-----w- c:\programdata\National Instruments
2011-08-26 01:46 . 2011-08-25 15:54 -------- d-----w- c:\windows\Panther
2011-08-26 01:45 . 2011-08-26 01:45 -------- d-----w- c:\windows\system32\OEM
2011-08-25 18:42 . 2011-08-25 18:42 -------- d-----w- c:\programdata\Solidshield
2011-08-25 18:38 . 2011-08-25 18:38 -------- d-----w- c:\programdata\Electronic Arts
2011-08-25 18:38 . 2011-08-25 18:38 -------- d-----w- c:\programdata\EA Core
2011-08-25 17:22 . 2011-08-25 18:25 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-25 17:22 . 2011-08-25 17:22 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2011-08-25 17:21 . 2011-08-25 17:22 -------- d-----w- c:\programdata\DAEMON Tools Pro
2011-08-25 17:06 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D94F9BA7-8748-4789-837A-0152A5AF5ACA}\mpengine.dll
2011-08-25 17:06 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-25 17:03 . 2011-08-25 17:03 -------- d-----w- c:\program files (x86)\BitTorrent
2011-08-25 16:57 . 2011-08-25 17:02 -------- d-----w- c:\program files (x86)\Google
2011-08-25 16:57 . 2011-08-25 16:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-25 16:57 . 2011-08-25 16:57 -------- d-----w- c:\windows\SysWow64\Macromed
2011-08-25 16:55 . 2011-08-25 17:01 -------- d-----w- C:\totalcmd
2011-08-25 16:55 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-08-25 16:55 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-08-25 16:55 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-08-25 16:55 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-08-25 16:55 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-08-25 16:55 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-08-25 16:55 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-08-25 16:52 . 2011-08-25 16:52 -------- d-----w- c:\program files (x86)\Opera
2011-08-25 16:37 . 2010-08-03 13:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2011-08-25 16:37 . 2011-08-25 16:48 -------- d-----w- c:\program files\P4G
2011-08-25 16:37 . 2011-08-25 16:37 -------- d-----w- c:\programdata\P4G
2011-08-25 16:37 . 2009-07-20 09:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2011-08-25 16:28 . 2011-08-25 16:28 -------- d-----w- c:\users\Public\Roaming
2011-08-25 16:28 . 2011-08-25 16:28 -------- d-----w- c:\users\Default\Roaming
2011-08-25 16:27 . 2011-08-25 16:36 -------- d-----w- c:\program files\Intel
2011-08-25 16:27 . 2011-08-25 16:27 -------- d-----w- c:\program files (x86)\Cisco
2011-08-25 16:26 . 2011-08-25 16:26 -------- d-----w- c:\program files\Synaptics
2011-08-25 16:26 . 2011-05-05 12:32 1439792 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-08-25 16:26 . 2011-05-05 12:30 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2011-08-25 16:26 . 2011-05-05 12:30 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2011-08-25 16:26 . 2011-05-05 12:30 226088 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-08-25 16:26 . 2011-05-05 12:30 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-08-25 16:26 . 2011-05-05 12:30 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2011-08-25 16:26 . 2011-05-05 12:30 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2011-08-25 16:26 . 2011-05-05 12:30 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2011-08-25 16:26 . 2009-08-07 02:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-08-25 16:24 . 2011-08-25 16:24 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2011-08-25 16:24 . 2011-08-25 16:24 -------- d-----w- c:\programdata\AmUStor
2011-08-25 16:24 . 2011-08-25 16:24 -------- d-----w- c:\program files (x86)\AmIcoSingLun
2011-08-25 16:23 . 2010-08-24 09:55 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2011-08-25 16:21 . 2011-05-31 01:42 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2011-08-25 16:18 . 2011-08-25 16:28 -------- d-----w- c:\users\UpdatusUser
2011-08-25 16:17 . 2011-08-27 08:30 -------- d-----w- c:\programdata\NVIDIA
2011-08-25 16:15 . 2011-08-26 13:40 -------- d-sh--w- c:\windows\Installer
2011-08-25 16:14 . 2011-08-25 16:14 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-08-25 16:14 . 2011-08-25 16:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-08-25 16:14 . 2011-06-09 03:24 1617512 ----a-w- c:\windows\system32\nvdispco6420120.dll
2011-08-25 16:14 . 2011-06-09 03:24 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-08-25 16:10 . 2011-08-25 16:16 -------- d-----w- C:\NvidiaLogs
2011-08-25 16:09 . 2011-08-25 16:16 -------- d-----w- c:\program files\NVIDIA Corporation
2011-08-25 16:09 . 2011-08-25 16:27 -------- d-----w- c:\programdata\Intel
2011-08-25 16:04 . 2010-10-05 18:50 8192 ----a-w- c:\windows\SysWow64\drivers\IntelMEFWVer.dll
2011-08-25 16:04 . 2010-10-05 18:50 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2011-08-25 16:04 . 2011-08-25 16:04 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2011-08-25 16:04 . 2010-09-21 07:59 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2011-08-25 16:04 . 2011-08-25 16:24 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-08-25 16:01 . 2010-10-04 05:02 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2011-08-25 16:01 . 2011-08-25 16:32 -------- d-----w- c:\program files (x86)\Intel
2011-08-25 16:00 . 2011-08-25 16:06 -------- d-----w- C:\Intel
2011-08-25 15:56 . 2011-08-25 19:16 -------- d-----w- c:\users\Tomas
2011-08-25 15:53 . 2011-08-25 15:53 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-27 09:35 . 2011-08-27 09:35 103140 --sh--r- C:\wgikco.exe
2011-06-02 08:32 . 2011-06-02 08:32 401896 ----a-w- c:\windows\system32\drivers\asmtxhci.sys
2011-06-02 08:32 . 2011-06-02 08:32 128488 ----a-w- c:\windows\system32\drivers\asmthub3.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 911680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"DataFinder"="c:\program files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" [2010-06-08 2995296]
"NI Background Service"="c:\program files (x86)\National Instruments\Shared\Update Service\niupdate.exe" [2010-05-27 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-27 1997416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-27 378472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07153d6c-cf3a-11e0-9e73-bc77372b6460}]
\shell\AutoRun\command - F:\setup.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.3.20
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\TEMP\winbfncth.exe
.
**************************************************************************
.
Completion time: 2011-08-27 11:38:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-27 09:38
.
Pre-Run: 72 282 501 120 bytes free
Post-Run: 72 047 476 736 bytes free
.
- - End Of File - - 2F245A1D79851E8D042F357BE0AFA1AF
Well, I have been downloading some torrents with games lately that had cracks and keygens in them, but it also occurs to me that I brought some data home from work on a USB stick because I need to do something on the PC, and I have already seen those autorun.inf files on a few USB sticks my colleagues have.
Re: Log check
It really can be anything. The bastard c:\windows\TEMP\winbfncth.exe is already restored again.
I need you to install an antivirus, for example from Kaspersky, and run a deep scan with it: disinfect, and delete whatever is found in the tmp folders.
Are you able to burn a CD or create a flash drive on a second PC?
edit: I'm here today until 14:00, I can't stay longer.

Translator of MBAM, OTL.
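The by-eye check made on the ComboFix log above (an executable running from a TEMP folder, executables and autorun.inf sitting in a drive root), written out as an added example that is not part of the original thread. The function names, the reading of the attribute column (s = system, h = hidden) and the three heuristics are assumptions; a hit is a lead for review, not an identification of Sality.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
C:\autorun.inf
C:\bglrbw.exe
c:\programdata\Roaming
D:\Autorun.inf
2011-08-27 09:33 . 2011-08-27 09:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-25 16:55 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-08-27 09:35 . 2011-08-27 09:35 103140 --sh--r- C:\wgikco.exe
2011-06-02 08:32 . 2011-06-02 08:32 401896 ----a-w- c:\windows\system32\drivers\asmtxhci.sys
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\windows\TEMP\winbfncth.exe
"""

# File listing line: "<created> . <modified> <size or dashes> <attrs> <path>"
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Deletion and process sections list bare paths, one per line.
BARE_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\.*)$")
# Item placed directly in a drive root, e.g. C:\name.exe
ROOT_ITEM = re.compile(r"^[A-Za-z]:\\[^\\]+$")
# Item placed directly inside a folder called temp or tmp
TEMP_ITEM = re.compile(r"\\te?mp\\[^\\]+$", re.IGNORECASE)
EXEC_EXT = (".exe", ".pif", ".scr", ".com")


class Finding(NamedTuple):
    path: str
    reason: str


def parse_line(line: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (path, attrs) for a log line, or None if it carries no path."""
    m = FILE_LINE.match(line)
    if m:
        return m.group("path"), m.group("attrs")
    m = BARE_PATH.match(line)
    if m:
        return m.group("path"), None
    return None


def triage(log_text: str) -> List[Finding]:
    """Flag paths that deserve a closer look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        path, attrs = parsed
        name = path.rsplit("\\", 1)[-1].lower()
        is_exec = name.endswith(EXEC_EXT)
        in_root = ROOT_ITEM.match(path) is not None
        if in_root and name == "autorun.inf":
            findings.append(Finding(path, "autorun.inf in drive root"))
        elif in_root and is_exec:
            reason = "executable in drive root"
            # Assumed attribute letters: s = system, h = hidden.
            if attrs and "s" in attrs and "h" in attrs:
                reason += " (hidden+system)"
            findings.append(Finding(path, reason))
        elif is_exec and TEMP_ITEM.search(path):
            findings.append(Finding(path, "executable in a TEMP folder"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:45} {f.path}")
```
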
-
- Visitor
- Posts: 11
- Registered: 27 Aug 2011 07:06
Re: Log check
And is that Kaspersky freeware?
Well, I do have a second PC here, but the USB stick that was in this one has already been in that one too ... as for burning a CD, I have no blank CDs, and creating a flash drive, I don't know what that is.