Problem s Win7

[jaboos]

Dobrý den,

tenhle problém do této sekce nejspíš nepatří, ale třeba mi někdo pomůže...

PC mi stahlo automatické aktualizace, poté jsem restartoval systém a když nabíhal systém a konfigurace tak PC zamrzlo... nechal jsem ho jet přes noc, ale nic se nestalo. Tak jsem ho natvrdo restartoval a když počítač naběhl, měl jsem tam základní plochu a zmizel mi jeden celý oddíl disku. Chtěl jsem se vrátit pomocí obnovení systému, ale to píše, že ochrana je vypnutá...

Děkuji za každou radu...

[chodnik74]

Dobrý večer
Při startu pc mačkejte F8 a zkuste dát poslední známá funkční konfigurace,pokud nezabere,tak zase F8 a dejte nouzový režim s prácí v síti a udělejte log z RSIT dle návodu: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

[jaboos]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mareček at 2011-09-02 19:51:39
Microsoft Windows 7 Home Premium
System drive C: has 427 GB (92%) free of 462 GB
Total RAM: 4095 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:51:54, on 2.9.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Mareček\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mareček\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mareček\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mareček\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Mareček.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKCU\..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8150 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
ctfmon.exe
"C:\Users\Mareček\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Mareček\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=1660.0543BDC0.865082209 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\MAREEK~1\AppData\Local\Google\Chrome\APPLIC~1\130782~1.215\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Mareček\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Mareček\AppData\Local\Google\Chrome\Application\13.0.782.215\gcswf32.dll" --lang=cs --channel=1660.046D8A80.1110904266 --flash-broker=1892 /prefetch:4
"C:\Users\Mareček\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=1660.04797000.1468673628 /prefetch:3
"C:\Users\Mareček\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"EeeStorageBackup"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2009-11-26 1732608]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-15 16336416]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-08-12 323072]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2010-02-23 1022904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BrowserChoice"=C:\Windows\System32\browserchoice.exe [2010-02-23 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-01-23 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-03 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-09-11 8114720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-20 170624]
"Setwallpaper"=c:\programdata\SetWallpaper.cmd []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=16

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-09-02 19:51:39 ----D---- C:\rsit
2011-09-02 19:49:38 ----A---- C:\Windows\ntbtlog.txt
2011-09-02 19:41:16 ----D---- C:\Windows\SYSWOW64\Wat
2011-09-02 19:41:15 ----D---- C:\Windows\system32\Wat
2011-09-02 19:31:32 ----A---- C:\Windows\SYSWOW64\wcncsvc.dll
2011-09-02 19:31:32 ----A---- C:\Windows\system32\wcncsvc.dll
2011-09-02 19:30:41 ----D---- C:\Program Files\CCleaner
2011-09-02 19:13:51 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2011-09-02 19:13:51 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2011-09-02 19:13:51 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2011-09-02 19:13:51 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2011-09-02 19:13:51 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2011-09-02 19:13:50 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-09-02 19:13:50 ----A---- C:\Windows\system32\PresentationHost.exe
2011-09-02 19:13:50 ----A---- C:\Windows\system32\netfxperf.dll
2011-09-02 19:13:50 ----A---- C:\Windows\system32\mscoree.dll
2011-09-02 19:13:50 ----A---- C:\Windows\system32\dfshim.dll
2011-09-02 19:12:58 ----A---- C:\Windows\system32\browserchoice.exe
2011-09-02 19:03:48 ----A---- C:\Windows\system32\MRT.exe
2011-09-02 18:57:22 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2011-09-02 18:57:22 ----A---- C:\Windows\system32\drivers\ks.sys
2011-09-02 18:57:13 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2011-09-02 18:57:13 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-09-02 18:57:13 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-09-02 18:57:13 ----A---- C:\Windows\system32\DWrite.dll
2011-09-02 18:57:13 ----A---- C:\Windows\system32\d3d10warp.dll
2011-09-02 18:57:13 ----A---- C:\Windows\system32\d2d1.dll
2011-09-02 18:57:12 ----A---- C:\Windows\SYSWOW64\mf.dll
2011-09-02 18:57:12 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-09-02 18:57:12 ----A---- C:\Windows\system32\mf.dll
2011-09-02 18:57:12 ----A---- C:\Windows\system32\FntCache.dll
2011-09-02 18:57:11 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2011-09-02 18:57:11 ----A---- C:\Windows\SYSWOW64\mfreadwrite.dll
2011-09-02 18:57:11 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2011-09-02 18:57:11 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-09-02 18:57:11 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-09-02 18:57:11 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-09-02 18:57:11 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-09-02 18:57:11 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-09-02 18:57:11 ----A---- C:\Windows\system32\cdd.dll
2011-09-02 18:57:10 ----A---- C:\Windows\SYSWOW64\XpsRasterService.dll
2011-09-02 18:57:10 ----A---- C:\Windows\system32\mfps.dll
2011-09-02 18:57:04 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-09-02 18:56:28 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-09-02 18:56:28 ----A---- C:\Windows\system32\XpsPrint.dll
2011-09-02 18:56:26 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2011-09-02 18:56:26 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-09-02 18:56:26 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-09-02 18:56:26 ----A---- C:\Windows\system32\fontsub.dll
2011-09-02 18:56:26 ----A---- C:\Windows\system32\atmlib.dll
2011-09-02 18:56:26 ----A---- C:\Windows\system32\atmfd.dll
2011-09-02 18:56:24 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-09-02 18:56:24 ----A---- C:\Windows\system32\kerberos.dll
2011-09-02 18:56:17 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-09-02 18:56:17 ----A---- C:\Windows\system32\tzres.dll
2011-09-02 18:55:47 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2011-09-02 18:55:47 ----A---- C:\Windows\SYSWOW64\secproc.dll
2011-09-02 18:55:47 ----A---- C:\Windows\system32\secproc_isv.dll
2011-09-02 18:55:47 ----A---- C:\Windows\system32\secproc.dll
2011-09-02 18:55:47 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-09-02 18:55:47 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-09-02 18:55:47 ----A---- C:\Windows\system32\RMActivate.exe
2011-09-02 18:55:46 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2011-09-02 18:55:46 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2011-09-02 18:55:46 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2011-09-02 18:55:46 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2011-09-02 18:55:46 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2011-09-02 18:55:46 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2011-09-02 18:55:46 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-09-02 18:55:46 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-09-02 18:55:46 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-09-02 18:55:42 ----A---- C:\Windows\system32\psisdecd.dll
2011-09-02 18:55:42 ----A---- C:\Windows\system32\msdri.dll
2011-09-02 18:55:41 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-09-02 18:55:39 ----A---- C:\Windows\system32\drivers\afd.sys
2011-09-02 18:55:36 ----A---- C:\Windows\system32\msxml6.dll
2011-09-02 18:55:36 ----A---- C:\Windows\system32\msxml3.dll
2011-09-02 18:55:35 ----A---- C:\Windows\SYSWOW64\upnp.dll
2011-09-02 18:55:35 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2011-09-02 18:55:35 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2011-09-02 18:55:35 ----A---- C:\Windows\system32\winhttp.dll
2011-09-02 18:55:35 ----A---- C:\Windows\system32\WebClnt.dll
2011-09-02 18:55:35 ----A---- C:\Windows\system32\upnp.dll
2011-09-02 18:55:34 ----A---- C:\Windows\SYSWOW64\wscapi.dll
2011-09-02 18:55:34 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2011-09-02 18:55:34 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2011-09-02 18:55:34 ----A---- C:\Windows\SYSWOW64\slwga.dll
2011-09-02 18:55:34 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2011-09-02 18:55:34 ----A---- C:\Windows\system32\wscsvc.dll
2011-09-02 18:55:34 ----A---- C:\Windows\system32\wscapi.dll
2011-09-02 18:55:34 ----A---- C:\Windows\system32\slwga.dll
2011-09-02 18:55:34 ----A---- C:\Windows\system32\davclnt.dll
2011-09-02 18:55:29 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2011-09-02 18:55:29 ----A---- C:\Windows\system32\poqexec.exe
2011-09-02 18:55:27 ----A---- C:\Windows\system32\mssrch.dll
2011-09-02 18:55:26 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-09-02 18:55:26 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-09-02 18:55:26 ----A---- C:\Windows\system32\tquery.dll
2011-09-02 18:55:25 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-09-02 18:55:25 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-09-02 18:55:25 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-09-02 18:55:25 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-09-02 18:55:25 ----A---- C:\Windows\system32\mssph.dll
2011-09-02 18:55:24 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-09-02 18:55:24 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-09-02 18:55:24 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-09-02 18:55:24 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-09-02 18:55:24 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-09-02 18:55:24 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-09-02 18:55:24 ----A---- C:\Windows\system32\mssvp.dll
2011-09-02 18:55:24 ----A---- C:\Windows\system32\mssphtb.dll
2011-09-02 18:55:24 ----A---- C:\Windows\system32\msscntrs.dll
2011-09-02 18:55:22 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2011-09-02 18:55:22 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2011-09-02 18:55:22 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2011-09-02 18:55:22 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2011-09-02 18:55:22 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-09-02 18:55:22 ----A---- C:\Windows\system32\taskschd.dll
2011-09-02 18:55:22 ----A---- C:\Windows\system32\taskeng.exe
2011-09-02 18:55:22 ----A---- C:\Windows\system32\taskcomp.dll
2011-09-02 18:55:22 ----A---- C:\Windows\system32\schtasks.exe
2011-09-02 18:55:22 ----A---- C:\Windows\system32\schedsvc.dll
2011-09-02 18:55:18 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-09-02 18:55:18 ----A---- C:\Windows\system32\mfc42u.dll
2011-09-02 18:55:18 ----A---- C:\Windows\system32\mfc42.dll
2011-09-02 18:55:17 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-09-02 18:55:16 ----A---- C:\Windows\explorer.exe
2011-09-02 18:55:15 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-09-02 18:55:14 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-09-02 18:55:14 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2011-09-02 18:55:14 ----A---- C:\Windows\system32\sbe.dll
2011-09-02 18:55:14 ----A---- C:\Windows\system32\EncDec.dll
2011-09-02 18:55:14 ----A---- C:\Windows\system32\CPFilters.dll
2011-09-02 18:55:13 ----A---- C:\Windows\SYSWOW64\sbe.dll
2011-09-02 18:55:11 ----A---- C:\Windows\system32\odbccu32.dll
2011-09-02 18:55:10 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-09-02 18:55:10 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-09-02 18:55:10 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-09-02 18:55:10 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-09-02 18:55:10 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-09-02 18:55:10 ----A---- C:\Windows\system32\odbctrac.dll
2011-09-02 18:55:10 ----A---- C:\Windows\system32\odbccr32.dll
2011-09-02 18:55:10 ----A---- C:\Windows\system32\odbccp32.dll
2011-09-02 18:54:24 ----A---- C:\Windows\system32\ole32.dll
2011-09-02 18:54:23 ----A---- C:\Windows\SYSWOW64\ole32.dll
2011-09-02 18:54:22 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-09-02 18:54:22 ----A---- C:\Windows\system32\xmllite.dll
2011-09-02 18:54:03 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-09-02 18:54:03 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-09-02 18:54:02 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-09-02 18:54:02 ----A---- C:\Windows\system32\jscript.dll
2011-09-02 18:54:01 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-09-02 18:54:01 ----A---- C:\Windows\system32\vbscript.dll
2011-09-02 18:53:59 ----A---- C:\Windows\SYSWOW64\webio.dll
2011-09-02 18:53:59 ----A---- C:\Windows\system32\webio.dll
2011-09-02 18:53:37 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-09-02 18:53:31 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2011-09-02 18:53:31 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-09-02 18:53:31 ----A---- C:\Windows\system32\asycfilt.dll
2011-09-02 18:53:30 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2011-09-02 18:53:29 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-09-02 18:53:29 ----A---- C:\Windows\system32\shell32.dll
2011-09-02 18:53:25 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2011-09-02 18:53:25 ----A---- C:\Windows\system32\comctl32.dll
2011-09-02 18:53:24 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2011-09-02 18:53:24 ----A---- C:\Windows\system32\t2embed.dll
2011-09-02 18:53:19 ----A---- C:\Windows\system32\drivers\fvevol.sys
2011-09-02 18:51:31 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2011-09-02 18:51:31 ----A---- C:\Windows\SYSWOW64\secur32.dll
2011-09-02 18:51:31 ----A---- C:\Windows\system32\lsasrv.dll
2011-09-02 18:51:31 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2011-09-02 18:51:22 ----A---- C:\Windows\system32\mshtml.dll
2011-09-02 18:51:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-09-02 18:51:19 ----A---- C:\Windows\system32\ieframe.dll
2011-09-02 18:51:18 ----A---- C:\Windows\system32\iertutil.dll
2011-09-02 18:51:17 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-09-02 18:51:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-09-02 18:51:16 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-09-02 18:51:16 ----A---- C:\Windows\system32\urlmon.dll
2011-09-02 18:51:16 ----A---- C:\Windows\system32\mstime.dll
2011-09-02 18:51:16 ----A---- C:\Windows\system32\msfeeds.dll
2011-09-02 18:51:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-09-02 18:51:15 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-09-02 18:51:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-09-02 18:51:15 ----A---- C:\Windows\system32\wininet.dll
2011-09-02 18:51:15 ----A---- C:\Windows\system32\iedkcs32.dll
2011-09-02 18:51:14 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-09-02 18:51:14 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-09-02 18:51:14 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-09-02 18:51:14 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-09-02 18:51:14 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-09-02 18:51:14 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-09-02 18:51:14 ----A---- C:\Windows\system32\url.dll
2011-09-02 18:51:14 ----A---- C:\Windows\system32\mshtmled.dll
2011-09-02 18:51:14 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-09-02 18:51:14 ----A---- C:\Windows\system32\licmgr10.dll
2011-09-02 18:51:14 ----A---- C:\Windows\system32\ieui.dll
2011-09-02 18:51:14 ----A---- C:\Windows\system32\iepeers.dll
2011-09-02 18:51:13 ----A---- C:\Windows\SYSWOW64\url.dll
2011-09-02 18:51:13 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-09-02 18:51:13 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-09-02 18:51:13 ----A---- C:\Windows\system32\msfeedssync.exe
2011-09-02 18:51:13 ----A---- C:\Windows\system32\jsproxy.dll
2011-09-02 18:47:43 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-09-02 18:47:42 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-09-02 18:47:42 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-09-02 18:47:34 ----A---- C:\Windows\system32\drivers\vsapint.sys
2011-09-02 18:47:34 ----A---- C:\Windows\system32\drivers\tmxpflt.sys
2011-09-02 18:47:34 ----A---- C:\Windows\system32\drivers\tmpreflt.sys
2011-09-02 18:43:34 ----A---- C:\Windows\SYSWOW64\schannel.dll
2011-09-02 18:43:34 ----A---- C:\Windows\system32\schannel.dll
2011-09-02 18:42:43 ----A---- C:\Windows\system32\spoolsv.exe
2011-09-02 18:42:19 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-09-02 18:42:19 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-09-02 18:42:19 ----A---- C:\Windows\system32\drivers\srv.sys
2011-09-02 18:42:17 ----A---- C:\Windows\system32\winlogon.exe
2011-09-02 18:42:16 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2011-09-02 18:42:16 ----A---- C:\Windows\system32\rtutils.dll
2011-09-02 18:42:12 ----A---- C:\Windows\SYSWOW64\tsbyuv.dll
2011-09-02 18:42:12 ----A---- C:\Windows\SYSWOW64\quartz.dll
2011-09-02 18:42:12 ----A---- C:\Windows\SYSWOW64\msyuv.dll
2011-09-02 18:42:12 ----A---- C:\Windows\SYSWOW64\msvidc32.dll
2011-09-02 18:42:12 ----A---- C:\Windows\SYSWOW64\msrle32.dll
2011-09-02 18:42:12 ----A---- C:\Windows\SYSWOW64\mciavi32.dll
2011-09-02 18:42:12 ----A---- C:\Windows\SYSWOW64\iyuv_32.dll
2011-09-02 18:42:12 ----A---- C:\Windows\SYSWOW64\avifil32.dll
2011-09-02 18:42:12 ----A---- C:\Windows\system32\tsbyuv.dll
2011-09-02 18:42:12 ----A---- C:\Windows\system32\quartz.dll
2011-09-02 18:42:12 ----A---- C:\Windows\system32\msyuv.dll
2011-09-02 18:42:12 ----A---- C:\Windows\system32\msvidc32.dll
2011-09-02 18:42:12 ----A---- C:\Windows\system32\msrle32.dll
2011-09-02 18:42:12 ----A---- C:\Windows\system32\iyuv_32.dll
2011-09-02 18:40:53 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-09-02 18:40:50 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2011-09-02 18:40:48 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-09-02 18:40:48 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-09-02 18:40:48 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-09-02 18:40:48 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-09-02 18:40:48 ----A---- C:\Windows\system32\dnsapi.dll
2011-09-02 18:40:30 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2011-09-02 18:40:30 ----A---- C:\Windows\system32\wmpmde.dll
2011-09-02 18:40:27 ----A---- C:\Windows\system32\ntdll.dll
2011-09-02 18:40:26 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2011-09-02 18:40:25 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-09-02 18:40:24 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2011-09-02 18:40:24 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-09-02 18:40:24 ----A---- C:\Windows\system32\d3d10_1.dll
2011-09-02 18:40:22 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-09-02 18:40:22 ----A---- C:\Windows\system32\inetcomm.dll
2011-09-02 18:40:21 ----A---- C:\Windows\system32\mstscax.dll
2011-09-02 18:40:20 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2011-09-02 18:40:19 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2011-09-02 18:40:19 ----A---- C:\Windows\system32\mstsc.exe
2011-09-02 18:40:17 ----A---- C:\Windows\system32\winresume.exe
2011-09-02 18:40:17 ----A---- C:\Windows\system32\winload.exe
2011-09-02 18:40:16 ----A---- C:\Windows\system32\kdusb.dll
2011-09-02 18:40:16 ----A---- C:\Windows\system32\kdcom.dll
2011-09-02 18:40:16 ----A---- C:\Windows\system32\kd1394.dll
2011-09-02 18:40:14 ----A---- C:\Windows\system32\oleaut32.dll
2011-09-02 18:40:13 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-09-02 18:40:11 ----A---- C:\Windows\SYSWOW64\mfc40.dll
2011-09-02 18:40:10 ----A---- C:\Windows\SYSWOW64\mfc40u.dll
2011-09-02 18:40:08 ----A---- C:\Windows\system32\wow64win.dll
2011-09-02 18:40:08 ----A---- C:\Windows\system32\winsrv.dll
2011-09-02 18:40:08 ----A---- C:\Windows\system32\KernelBase.dll
2011-09-02 18:40:08 ----A---- C:\Windows\system32\kernel32.dll
2011-09-02 18:40:08 ----A---- C:\Windows\system32\conhost.exe
2011-09-02 18:40:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-09-02 18:40:07 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-09-02 18:40:07 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-09-02 18:40:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-09-02 18:40:07 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-09-02 18:40:07 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-09-02 18:40:07 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-09-02 18:40:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-09-02 18:40:07 ----A---- C:\Windows\system32\wow64cpu.dll
2011-09-02 18:40:07 ----A---- C:\Windows\system32\wow64.dll
2011-09-02 18:40:07 ----A---- C:\Windows\system32\ntvdm64.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-09-02 18:40:06 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-09-02 18:40:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-09-02 18:40:05 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-09-02 18:40:05 ----A---- C:\Windows\SYSWOW64\user.exe
2011-09-02 18:40:02 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-09-02 18:40:02 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-09-02 18:40:02 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-09-02 18:40:02 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-09-02 18:40:02 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-09-02 18:40:00 ----A---- C:\Windows\system32\wmp.dll
2011-09-02 18:39:59 ----A---- C:\Windows\SYSWOW64\wmp.dll
2011-09-02 18:39:57 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2011-09-02 18:39:56 ----A---- C:\Windows\system32\wmploc.DLL
2011-09-02 18:39:55 ----A---- C:\Windows\system32\win32k.sys
2011-09-02 18:39:52 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-09-02 18:39:51 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-09-02 18:36:34 ----A---- C:\Windows\system32\odbc32.dll
2011-09-02 18:36:33 ----A---- C:\Windows\SYSWOW64\odbc32.dll
2011-09-02 18:30:00 ----A---- C:\Windows\system32\consent.exe
2011-09-02 18:28:46 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-09-02 18:28:46 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-09-02 18:27:57 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2011-09-02 18:27:57 ----A---- C:\Windows\system32\prevhost.exe
2011-09-02 16:08:17 ----A---- C:\Windows\system32\srvsvc.dll
2011-09-02 16:08:16 ----A---- C:\Windows\SYSWOW64\sscore.dll
2011-09-02 16:07:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-09-02 16:07:46 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-09-02 16:07:46 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-09-02 15:56:46 ----N---- C:\Windows\system32\MpSigStub.exe
2011-09-02 15:53:33 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2011-09-02 15:53:33 ----A---- C:\Windows\system32\wintrust.dll
2011-09-02 15:52:34 ----A---- C:\Windows\SYSWOW64\cabview.dll
2011-09-02 15:52:34 ----A---- C:\Windows\system32\cabview.dll
2011-09-02 15:40:38 ----D---- C:\Users\Mareček\AppData\Roaming\Macromedia
2011-09-02 15:40:37 ----D---- C:\Users\Mareček\AppData\Roaming\Adobe
2011-09-02 02:45:22 ----ASH---- C:\pagefile.sys
2011-09-02 02:45:03 ----ASH---- C:\hiberfil.sys
2011-09-02 00:09:47 ----SHD---- C:\System Volume Information
2011-09-02 00:09:37 ----A---- C:\Pass.txt
2011-09-01 17:13:08 ----D---- C:\Users\Mareček\AppData\Roaming\Asus WebStorage
2011-09-01 16:59:33 ----D---- C:\Users\Mareček\AppData\Roaming\Identities
2011-09-01 16:58:29 ----DC---- C:\Windows\system32\DRVSTORE
2011-09-01 16:58:29 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2011-09-01 16:58:28 ----D---- C:\Program Files\Windows Live
2011-09-01 16:57:09 ----D---- C:\Program Files (x86)\Microsoft Sync Framework
2011-09-01 16:55:52 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2011-09-01 16:55:52 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-09-01 16:55:26 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-09-01 16:53:42 ----D---- C:\Program Files (x86)\Microsoft
2011-09-01 16:53:15 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2011-09-01 16:53:08 ----D---- C:\Program Files (x86)\Windows Live
2011-09-01 16:50:54 ----HD---- C:\asus.dat
2011-09-01 16:50:32 ----SD---- C:\Users\Mareček\AppData\Roaming\Microsoft
2011-09-01 16:50:32 ----D---- C:\Users\Mareček\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 month======

2011-09-03 04:32:08 ----D---- C:\Windows\system32\LogFiles
2011-09-02 19:51:54 ----D---- C:\Program Files\Trend Micro
2011-09-02 19:49:38 ----D---- C:\Windows
2011-09-02 19:48:41 ----D---- C:\Windows\system32\config
2011-09-02 19:48:40 ----D---- C:\Windows\Microsoft.NET
2011-09-02 19:48:39 ----RSD---- C:\Windows\assembly
2011-09-02 19:48:39 ----D---- C:\Windows\Temp
2011-09-02 19:48:37 ----D---- C:\Windows\system32\drivers\etc
2011-09-02 19:45:43 ----D---- C:\Windows\Prefetch
2011-09-02 19:45:21 ----D---- C:\Windows\system32\Tasks
2011-09-02 19:44:47 ----D---- C:\Windows\SysWOW64
2011-09-02 19:44:47 ----D---- C:\Windows\System32
2011-09-02 19:44:33 ----D---- C:\Windows\winsxs
2011-09-02 19:41:37 ----D---- C:\Windows\SYSWOW64\sr-Latn-CS
2011-09-02 19:41:37 ----D---- C:\Windows\SYSWOW64\sl-SI
2011-09-02 19:41:37 ----D---- C:\Windows\SYSWOW64\sk-SK
2011-09-02 19:41:37 ----D---- C:\Windows\SYSWOW64\ro-RO
2011-09-02 19:41:37 ----D---- C:\Windows\SYSWOW64\lv-LV
2011-09-02 19:41:37 ----D---- C:\Windows\SYSWOW64\lt-LT
2011-09-02 19:41:37 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-09-02 19:41:37 ----D---- C:\Windows\SYSWOW64\bg-BG
2011-09-02 19:41:36 ----D---- C:\Windows\SYSWOW64\pl-PL
2011-09-02 19:41:36 ----D---- C:\Windows\SYSWOW64\hu-HU
2011-09-02 19:41:36 ----D---- C:\Windows\SYSWOW64\hr-HR
2011-09-02 19:41:36 ----D---- C:\Windows\SYSWOW64\et-EE
2011-09-02 19:41:36 ----D---- C:\Windows\SYSWOW64\en-US
2011-09-02 19:41:36 ----D---- C:\Windows\system32\sr-Latn-CS
2011-09-02 19:41:36 ----D---- C:\Windows\system32\sk-SK
2011-09-02 19:41:36 ----D---- C:\Windows\system32\ro-RO
2011-09-02 19:41:36 ----D---- C:\Windows\system32\lv-LV
2011-09-02 19:41:36 ----D---- C:\Windows\system32\lt-LT
2011-09-02 19:41:36 ----D---- C:\Windows\system32\cs-CZ
2011-09-02 19:41:35 ----D---- C:\Windows\system32\sl-SI
2011-09-02 19:41:35 ----D---- C:\Windows\system32\pl-PL
2011-09-02 19:41:35 ----D---- C:\Windows\system32\hu-HU
2011-09-02 19:41:35 ----D---- C:\Windows\system32\hr-HR
2011-09-02 19:41:35 ----D---- C:\Windows\system32\et-EE
2011-09-02 19:41:35 ----D---- C:\Windows\system32\en-US
2011-09-02 19:41:35 ----D---- C:\Windows\system32\bg-BG
2011-09-02 19:41:32 ----D---- C:\Windows\system32\drivers
2011-09-02 19:41:31 ----D---- C:\Program Files\Internet Explorer
2011-09-02 19:41:31 ----D---- C:\Program Files (x86)\Internet Explorer
2011-09-02 19:41:27 ----D---- C:\Windows\ehome
2011-09-02 19:41:27 ----D---- C:\Program Files\Windows Mail
2011-09-02 19:41:27 ----D---- C:\Program Files (x86)\Windows Mail
2011-09-02 19:41:25 ----RSD---- C:\Windows\Fonts
2011-09-02 19:41:14 ----D---- C:\Windows\AppPatch
2011-09-02 19:41:10 ----D---- C:\Windows\system32\Boot
2011-09-02 19:41:06 ----D---- C:\Program Files\Windows Media Player
2011-09-02 19:41:06 ----D---- C:\Program Files (x86)\Windows Media Player
2011-09-02 19:41:04 ----D---- C:\Windows\SYSWOW64\migration
2011-09-02 19:41:02 ----D---- C:\Windows\system32\migration
2011-09-02 19:41:02 ----D---- C:\Windows\inf
2011-09-02 19:40:58 ----D---- C:\Windows\system32\DriverStore
2011-09-02 19:32:36 ----D---- C:\Windows\Logs
2011-09-02 19:32:36 ----D---- C:\Windows\debug
2011-09-02 19:31:48 ----D---- C:\Windows\system32\catroot
2011-09-02 19:30:41 ----RD---- C:\Program Files
2011-09-02 19:21:07 ----D---- C:\Windows\system32\catroot2
2011-09-02 18:57:28 ----D---- C:\Windows\SoftwareDistribution
2011-09-02 18:40:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-02 18:29:24 ----D---- C:\ProgramData\Trend Micro
2011-09-02 15:38:11 ----SD---- C:\ProgramData\Microsoft
2011-09-02 15:36:23 ----A---- C:\Windows\system32\Defrag.ini
2011-09-02 02:47:58 ----A---- C:\Windows\system32\AutoRunFilter.ini
2011-09-01 20:57:59 ----D---- C:\Windows\system32\wdi
2011-09-01 17:23:15 ----D---- C:\Windows\SYSWOW64\drivers
2011-09-01 17:22:28 ----AD---- C:\ProgramData\Temp
2011-09-01 17:09:31 ----SHD---- C:\Recovery
2011-09-01 17:00:09 ----HD---- C:\ProgramData
2011-09-01 16:59:12 ----SHD---- C:\$Recycle.Bin
2011-09-01 16:58:41 ----SHD---- C:\Windows\Installer
2011-09-01 16:57:09 ----RD---- C:\Program Files (x86)
2011-09-01 16:52:49 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-09-01 16:51:31 ----D---- C:\Program Files (x86)\Common Files
2011-09-01 16:50:31 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2010-01-23 35384]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-07-30 241696]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-09-29 107536]
S2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]
S2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2010-07-30 309840]
S2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2010-07-30 1988176]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-09-11 2001056]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2009-05-01 81440]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-15 382496]
S2 OberonGameConsoleService;Oberon Media Game Console service; C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-10-09 859712]
S3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-09-29 570632]
S3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-09-29 917768]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-02 1255736]

-----------------EOF-----------------

[jaboos]

info.txt logfile of random's system information tool 1.09 2011-09-02 19:51:58

======Uninstall list======

2007 Microsoft Office system-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{331C520E-D8C3-4AB9-ADF7-A666A3561922}\Setup.exe -runfromtemp -l0x0409
Alice Greenfingers-->"C:\Program Files (x86)\Asus\Game Park\Alice Greenfingers\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Alice Greenfingers\install.log"
Asistent pro přihlášení ke službě Windows Live-->MsiExec.exe /I{1E779810-ACCA-4483-BC76-12DFE055B452}
ASUS AI Recovery-->MsiExec.exe /I{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}
ASUS AP Bank-->"C:\Program Files (x86)\ASUS\ASUS AP Bank\unins000.exe"
ASUS Data Security Manager-->MsiExec.exe /X{FA2092C5-7979-412D-A962-6485274AE1EE}
ASUS FancyStart-->MsiExec.exe /I{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS MultiFrame-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.exe" -l0x9
ASUS Power4Gear Hybrid-->MsiExec.exe /I{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
ASUS WebStorage-->C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe
ASUS_Screensaver-->C:\Windows\system32\ASUS_Screensaver.scr /u
ATK Generic Function Service-->C:\Program Files (x86)\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ControlDeck-->MsiExec.exe /I{5B65EF64-1DFA-414A-8C94-7BB726158E21}
CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Dream Day Wedding Married in Manhattan-->"C:\Program Files (x86)\Asus\Game Park\Dream Day Wedding Married in Manhattan\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Dream Day Wedding Married in Manhattan\install.log"
ETDWare PS/2-x64 7.0.5.9_WHQL-->C:\Program Files\Elantech\ETDUninst.exe
Fast Boot-->MsiExec.exe /I{13F4A7F3-EABC-4261-AF6B-1317777F0755}
Game Park Console-->"C:\Program Files (x86)\Asus\Game Park\GameConsole\unins000.exe"
Chicken Invaders 2-->"C:\Program Files (x86)\Asus\Game Park\Chicken Invaders 2\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Chicken Invaders 2\install.log"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Island Wars 2-->"C:\Program Files (x86)\Asus\Game Park\Island Wars 2\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Island Wars 2\install.log"
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0015-040E-0000-0000000FF1CE}
Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Access MUI (Romanian) 2007-->MsiExec.exe /X{90120000-0015-0418-0000-0000000FF1CE}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Access MUI (Slovenian) 2007-->MsiExec.exe /X{90120000-0015-0424-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0016-040E-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Excel MUI (Romanian) 2007-->MsiExec.exe /X{90120000-0016-0418-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovenian) 2007-->MsiExec.exe /X{90120000-0016-0424-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-001A-040E-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Romanian) 2007-->MsiExec.exe /X{90120000-001A-0418-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovenian) 2007-->MsiExec.exe /X{90120000-001A-0424-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0018-040E-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Romanian) 2007-->MsiExec.exe /X{90120000-0018-0418-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovenian) 2007-->MsiExec.exe /X{90120000-0018-0424-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Croatian) 2007-->MsiExec.exe /X{90120000-001F-041A-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proof (Romanian) 2007-->MsiExec.exe /X{90120000-001F-0418-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proof (Slovenian) 2007-->MsiExec.exe /X{90120000-001F-0424-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Hungarian) 2007-->MsiExec.exe /X{90120000-002C-040E-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Romanian) 2007-->MsiExec.exe /X{90120000-002C-0418-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovenian) 2007-->MsiExec.exe /X{90120000-002C-0424-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0019-040E-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Romanian) 2007-->MsiExec.exe /X{90120000-0019-0418-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovenian) 2007-->MsiExec.exe /X{90120000-0019-0424-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-002A-040E-1000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Polish) 2007-->MsiExec.exe /X{90120000-002A-0415-1000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Romanian) 2007-->MsiExec.exe /X{90120000-002A-0418-1000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovak) 2007-->MsiExec.exe /X{90120000-002A-041B-1000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovenian) 2007-->MsiExec.exe /X{90120000-002A-0424-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-006E-040E-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Romanian) 2007-->MsiExec.exe /X{90120000-006E-0418-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovenian) 2007-->MsiExec.exe /X{90120000-006E-0424-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-001B-040E-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Romanian) 2007-->MsiExec.exe /X{90120000-001B-0418-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovenian) 2007-->MsiExec.exe /X{90120000-001B-0424-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nástroj pro odesílání služby Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Piggly-->"C:\Program Files (x86)\Asus\Game Park\Piggly\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Piggly\install.log"
Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Smileyville-->"C:\Program Files (x86)\Asus\Game Park\Smileyville\Uninstall.exe" "C:\Program Files (x86)\Asus\Game Park\Smileyville\install.log"
SRS Premium Sound Control Panel-->MsiExec.exe /I{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{9D2B0322-44AE-460E-9283-4D2D7A9205AE}
USB 2.0 1.3M UVC WebCam-->C:\Windows\Uninstsxga.bat
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{4EA44BA4-A708-4223-BC1A-22B6DA9E7D1C}
Windows Live Fotogalerie-->MsiExec.exe /X{A13DE9CB-8C84-4889-B114-C5A9661F844E}
Windows Live Mail-->MsiExec.exe /I{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}
Windows Live Messenger-->MsiExec.exe /X{20D0CDB1-5F03-4A5D-86EB-7C218053B157}
Windows Live Sync-->MsiExec.exe /X{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}
Windows Live Toolbar-->MsiExec.exe /X{CF22161D-0E1B-489E-BBC8-684055836FE9}
Windows Live Writer-->MsiExec.exe /X{6E5EEE1B-3907-44C3-83BA-AD4B8CE40F76}
Windows Live Zabezpečení rodiny-->MsiExec.exe /X{D35D9E34-7B4A-44E3-A882-69A6C6088BC6}
WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
Wireless Console 3-->MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}

======System event log======

Computer Name: WIN-CV61EIBPPAT
Event Code: 7036
Message: Stav služby Windows Search byl změněn na: stopped
Record Number: 1360
Source Name: Service Control Manager
Time Written: 20100123013525.207400-000
Event Type: Informace
User:

Computer Name: WIN-CV61EIBPPAT
Event Code: 7040
Message: Režim spuštění služby Windows Search byl změněn z auto start na disabled.
Record Number: 1359
Source Name: Service Control Manager
Time Written: 20100123013523.382200-000
Event Type: Informace
User: Marek\Administrator

Computer Name: WIN-CV61EIBPPAT
Event Code: 104
Message: Byl vymazán soubor protokolu Setup.
Record Number: 1358
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100123013512.228200-000
Event Type: Informace
User: Marek\Administrator

Computer Name: WIN-CV61EIBPPAT
Event Code: 104
Message: Byl vymazán soubor protokolu Application.
Record Number: 1357
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100123013511.963000-000
Event Type: Informace
User: Marek\Administrator

Computer Name: WIN-CV61EIBPPAT
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 1356
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100123013511.760200-000
Event Type: Informace
User: Marek\Administrator

=====Application event log=====

Computer Name: WIN-CV61EIBPPAT
Event Code: 9013
Message: Nebylo možné spustit Správce oken plochy, protože rozvržení bylo zakázáno spuštěnou aplikací.
Record Number: 872
Source Name: Desktop Window Manager
Time Written: 20100123013530.000000-000
Event Type: Informace
User:

Computer Name: WIN-CV61EIBPPAT
Event Code: 9010
Message: Proces (Windows System Assessment Tool) zadal požadavek na zakázání Správce oken plochy.
Record Number: 871
Source Name: Desktop Window Manager
Time Written: 20100123013530.000000-000
Event Type: Informace
User:

Computer Name: WIN-CV61EIBPPAT
Event Code: 1003
Message: Služba Windows Search byla spuštěna.

Record Number: 870
Source Name: Microsoft-Windows-Search
Time Written: 20100123013526.000000-000
Event Type: Informace
User:

Computer Name: WIN-CV61EIBPPAT
Event Code: 1013
Message: Služba Windows Search byla řádně zastavena.

Record Number: 869
Source Name: Microsoft-Windows-Search
Time Written: 20100123013525.000000-000
Event Type: Informace
User:

Computer Name: WIN-CV61EIBPPAT
Event Code: 103
Message: Windows (2708) Windows: Databázový stroj zastavil instanci (0).
Record Number: 868
Source Name: ESENT
Time Written: 20100123013525.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: WIN-CV61EIBPPAT
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 278
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100123013526.096600-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-CV61EIBPPAT
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: WIN-CV61EIBPPAT$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x1f0
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 277
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100123013526.096600-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-CV61EIBPPAT
Event Code: 4738
Message: Byl změněn uživatelský účet.

Předmět:
ID zabezpečení: S-1-5-21-2802798163-4143241050-3847378174-500
Název účtu: Administrator
Doména účtu: WIN-CV61EIBPPAT
ID přihlášení: 0x27faa

Cílový účet:
ID zabezpečení: S-1-5-21-2802798163-4143241050-3847378174-500
Název účtu: Administrator
Doména účtu: WIN-CV61EIBPPAT

Změněné atributy:
Název účtu SAM: -
Zobrazovaný název: -
Zaregistrovaný název uživatele: -
Domovský adresář: -
Domovská jednotka: -
Cesta skriptu: -
Cesta profilu: -
Pracovní stanice uživatele: -
Poslední nastavení hesla: -
Vypršení platnosti účtu: -
ID primární skupiny: -
Povolené delegování: -
Původní hodnota UAC: 0x210
Nová hodnota UAC: 0x211
Řízení účtu uživatele:
Účet je zakázán.
Parametry uživatele: -
Historie identifikátoru zabezpečení: -
Přihlašovací hodiny: -

Další informace:
Oprávnění: -
Record Number: 276
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100123013521.822200-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-CV61EIBPPAT
Event Code: 4725
Message: Uživatelský účet byl zakázán.

Předmět:
ID zabezpečení: S-1-5-21-2802798163-4143241050-3847378174-500
Název účtu: Administrator
Doména účtu: WIN-CV61EIBPPAT
ID přihlášení: 0x27faa

Cílový účet:
ID zabezpečení: S-1-5-21-2802798163-4143241050-3847378174-500
Název účtu: Administrator
Doména účtu: WIN-CV61EIBPPAT
Record Number: 275
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100123013521.822200-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-CV61EIBPPAT
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-2802798163-4143241050-3847378174-500
Název účtu: Administrator
Název domény: WIN-CV61EIBPPAT
ID přihlášení: 0x27faa
Record Number: 274
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100123013512.181400-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"configsetroot"=%SystemRoot%\ConfigSetRoot
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

[chodnik74]

Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

• Stáhneme si Combofix
• Program uložíme nejlépe na Plochu
• Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
• Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
• Spustíme Combofix.exe s administrátorským oprávněním
  U Windows XP se přihlásíme pod účtem správce
  Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
• Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
• Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
• Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
• Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
• Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
• (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

[jaboos]

ComboFix 11-09-02.01 - Mareček 02.09.2011 20:10:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2673 [GMT 2:00]
Spuštěný z: c:\users\Mareček\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-02 do 2011-09-02 )))))))))))))))))))))))))))))))
.
.
2011-09-02 18:16 . 2011-09-02 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-02 17:51 . 2011-09-02 17:51 -------- d-----w- C:\rsit
2011-09-02 17:41 . 2011-09-02 17:41 -------- d-----w- c:\windows\SysWow64\Wat
2011-09-02 17:41 . 2011-09-02 17:41 -------- d-----w- c:\windows\system32\Wat
2011-09-02 17:31 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-09-02 17:31 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-09-02 17:30 . 2011-09-02 17:30 -------- d-----w- c:\program files\CCleaner
2011-09-02 17:13 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-09-02 17:13 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-09-02 17:13 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-09-02 17:13 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-09-02 17:13 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-09-02 17:13 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-09-02 17:13 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-09-02 17:13 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-09-02 17:13 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-09-02 17:13 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-09-02 17:12 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-09-02 16:56 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-09-02 16:56 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-09-02 16:56 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-09-02 16:56 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-09-02 16:56 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-09-02 16:56 . 2011-02-19 03:37 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-09-02 16:56 . 2009-10-19 14:46 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-09-02 16:56 . 2009-10-19 14:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-09-02 16:56 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-09-02 16:56 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-09-02 16:56 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-02 16:56 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-09-02 16:54 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-09-02 16:54 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-09-02 16:54 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2011-09-02 16:54 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2011-09-02 16:54 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-09-02 16:54 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-09-02 16:54 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-09-02 16:54 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-02 16:51 . 2009-12-11 10:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-09-02 16:47 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-02 16:47 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-02 16:47 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-09-02 16:47 . 2010-07-30 17:30 309840 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-09-02 16:47 . 2010-07-30 17:30 42576 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-09-02 16:47 . 2010-07-30 17:24 1988176 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-09-02 16:43 . 2010-08-21 06:36 340992 ----a-w- c:\windows\system32\schannel.dll
2011-09-02 16:43 . 2010-08-21 05:36 224256 ----a-w- c:\windows\SysWow64\schannel.dll
2011-09-02 16:40 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-09-02 16:39 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-09-02 16:39 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2011-09-02 16:39 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2011-09-02 16:39 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2011-09-02 16:39 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 16:39 . 2011-06-21 06:27 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-02 16:39 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-09-02 16:36 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-09-02 16:36 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-09-02 16:36 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-09-02 16:36 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-09-02 16:36 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-09-02 16:36 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-09-02 16:36 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-09-02 16:36 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-09-02 16:36 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-09-02 16:36 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-09-02 16:30 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-09-02 16:28 . 2009-10-24 04:28 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-09-02 16:28 . 2009-10-24 04:27 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-09-02 16:28 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-09-02 16:28 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2011-09-02 16:27 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-09-02 16:27 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-09-02 16:27 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-09-02 14:08 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-09-02 14:08 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-09-02 14:07 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-02 14:07 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-09-02 14:07 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-09-02 13:56 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2DB860E-E3FD-4B5A-9DD5-C63BB1E36A0C}\mpengine.dll
2011-09-02 13:56 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-09-02 13:53 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-09-02 13:53 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-09-02 13:52 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-09-02 13:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-09-01 14:58 . 2011-09-01 14:58 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-01 14:58 . 2008-12-08 15:35 61792 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-09-01 14:58 . 2011-09-01 14:58 -------- d-----w- c:\program files\Windows Live
2011-09-01 14:57 . 2011-09-01 14:57 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-09-01 14:55 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-09-01 14:55 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-09-01 14:55 . 2011-09-01 14:55 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-01 14:53 . 2011-09-01 14:58 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-01 14:53 . 2011-09-01 14:53 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-09-01 14:53 . 2011-09-01 14:58 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-01 14:51 . 2011-09-01 14:51 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-09-01 14:50 . 2011-09-01 15:00 -------- d-----w- C:\asus.dat
2011-09-01 14:50 . 2011-09-01 14:59 -------- d-----w- c:\users\Mareček
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-09-02 16:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-1-23 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-23 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-29 917768]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-15 16336416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2011-09-02 20:21:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-02 18:21
.
Před spuštěním: Volných bajtů: 447 037 652 992
Po spuštění: Volných bajtů: 446 719 336 448
.
- - End Of File - - 879D9448749CD6197C205623678134BC

[chodnik74]

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  KillAll::
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "UpdateLBPShortCut"=-
  "UpdateP2GoShortCut"=-
  
  DDS::
  uStart Page = hxxp://asus.msn.com
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

[jaboos]

ComboFix 11-09-02.01 - Mareček 02.09.2011 20:55:36.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2742 [GMT 2:00]
Spuštěný z: c:\users\Mareček\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mareček\Desktop\CFScript.txt
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-02 do 2011-09-02 )))))))))))))))))))))))))))))))
.
.
2011-09-02 18:59 . 2011-09-02 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-02 17:51 . 2011-09-02 17:51 -------- d-----w- C:\rsit
2011-09-02 17:41 . 2011-09-02 17:41 -------- d-----w- c:\windows\SysWow64\Wat
2011-09-02 17:41 . 2011-09-02 17:41 -------- d-----w- c:\windows\system32\Wat
2011-09-02 17:31 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-09-02 17:31 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-09-02 17:30 . 2011-09-02 17:30 -------- d-----w- c:\program files\CCleaner
2011-09-02 17:13 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-09-02 17:13 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-09-02 17:13 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-09-02 17:13 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-09-02 17:13 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-09-02 17:13 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-09-02 17:13 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-09-02 17:13 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-09-02 17:13 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-09-02 17:13 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-09-02 17:12 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-09-02 16:56 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-09-02 16:56 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-09-02 16:56 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-09-02 16:56 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-09-02 16:56 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-09-02 16:56 . 2011-02-19 03:37 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-09-02 16:56 . 2009-10-19 14:46 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-09-02 16:56 . 2009-10-19 14:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-09-02 16:56 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-09-02 16:56 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-09-02 16:56 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-02 16:56 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-09-02 16:54 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-09-02 16:54 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-09-02 16:54 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2011-09-02 16:54 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2011-09-02 16:54 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-09-02 16:54 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-09-02 16:54 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-09-02 16:54 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-02 16:51 . 2009-12-11 10:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-09-02 16:47 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-02 16:47 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-02 16:47 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-09-02 16:47 . 2010-07-30 17:30 309840 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-09-02 16:47 . 2010-07-30 17:30 42576 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-09-02 16:47 . 2010-07-30 17:24 1988176 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-09-02 16:43 . 2010-08-21 06:36 340992 ----a-w- c:\windows\system32\schannel.dll
2011-09-02 16:43 . 2010-08-21 05:36 224256 ----a-w- c:\windows\SysWow64\schannel.dll
2011-09-02 16:40 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-09-02 16:39 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-09-02 16:39 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2011-09-02 16:39 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2011-09-02 16:39 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2011-09-02 16:39 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 16:39 . 2011-06-21 06:27 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-02 16:39 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-09-02 16:36 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-09-02 16:36 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-09-02 16:36 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-09-02 16:36 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-09-02 16:36 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-09-02 16:36 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-09-02 16:36 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-09-02 16:36 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-09-02 16:36 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-09-02 16:36 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-09-02 16:30 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-09-02 16:28 . 2009-10-24 04:28 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-09-02 16:28 . 2009-10-24 04:27 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-09-02 16:28 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-09-02 16:28 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2011-09-02 16:27 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-09-02 16:27 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-09-02 16:27 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-09-02 14:08 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-09-02 14:08 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-09-02 14:07 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-02 14:07 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-09-02 14:07 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-09-02 13:56 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2DB860E-E3FD-4B5A-9DD5-C63BB1E36A0C}\mpengine.dll
2011-09-02 13:56 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-09-02 13:53 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-09-02 13:53 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-09-02 13:52 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-09-02 13:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-09-01 14:58 . 2011-09-01 14:58 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-01 14:58 . 2008-12-08 15:35 61792 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-09-01 14:58 . 2011-09-01 14:58 -------- d-----w- c:\program files\Windows Live
2011-09-01 14:57 . 2011-09-01 14:57 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-09-01 14:55 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-09-01 14:55 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-09-01 14:55 . 2011-09-01 14:55 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-01 14:53 . 2011-09-01 14:58 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-01 14:53 . 2011-09-01 14:53 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-09-01 14:53 . 2011-09-01 14:58 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-01 14:51 . 2011-09-01 14:51 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-09-01 14:50 . 2011-09-01 15:00 -------- d-----w- C:\asus.dat
2011-09-01 14:50 . 2011-09-01 14:59 -------- d-----w- c:\users\Mareček
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-09-02 16:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-02_18.17.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-09-02 18:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-02 19:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-02 18:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-02 19:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-02 19:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-02 18:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-23 17:27 . 2011-09-02 18:19 19392 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-02 18:19 31164 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-02 13:38 . 2011-09-02 18:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-02 13:38 . 2011-09-02 18:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-09-02 18:24 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-02 13:38 . 2011-09-02 18:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-02 13:38 . 2011-09-02 18:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-02 13:38 . 2011-09-02 18:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-02 13:38 . 2011-09-02 18:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-01 15:27 . 2011-09-02 18:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-01 15:27 . 2011-09-02 18:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-01 15:27 . 2011-09-02 18:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-01 15:27 . 2011-09-02 18:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-01 14:52 . 2011-09-02 18:19 2806 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2802798163-4143241050-3847378174-1000_UserData.bin
- 2011-09-02 18:17 . 2011-09-02 18:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-02 19:00 . 2011-09-02 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-02 18:17 . 2011-09-02 18:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-02 19:00 . 2011-09-02 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-03 19:55 . 2011-09-02 18:13 679642 c:\windows\system32\perfh015.dat
+ 2009-08-03 19:55 . 2011-09-02 18:44 679642 c:\windows\system32\perfh015.dat
+ 2009-08-03 20:06 . 2011-09-02 18:44 623220 c:\windows\system32\perfh00E.dat
- 2009-08-03 20:06 . 2011-09-02 18:13 623220 c:\windows\system32\perfh00E.dat
- 2009-07-14 02:36 . 2011-09-02 18:13 607190 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-02 18:44 607190 c:\windows\system32\perfh009.dat
+ 2009-08-03 20:00 . 2011-09-02 18:44 622660 c:\windows\system32\perfh005.dat
- 2009-08-03 20:00 . 2011-09-02 18:13 622660 c:\windows\system32\perfh005.dat
- 2009-08-03 19:55 . 2011-09-02 18:13 131232 c:\windows\system32\perfc015.dat
+ 2009-08-03 19:55 . 2011-09-02 18:44 131232 c:\windows\system32\perfc015.dat
+ 2009-08-03 20:06 . 2011-09-02 18:44 144282 c:\windows\system32\perfc00E.dat
- 2009-08-03 20:06 . 2011-09-02 18:13 144282 c:\windows\system32\perfc00E.dat
+ 2009-07-14 02:36 . 2011-09-02 18:44 103568 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-09-02 18:13 103568 c:\windows\system32\perfc009.dat
- 2009-08-03 20:00 . 2011-09-02 18:13 118810 c:\windows\system32\perfc005.dat
+ 2009-08-03 20:00 . 2011-09-02 18:44 118810 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-09-02 18:16 390244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-02 19:00 390244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-09-02 18:16 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-09-02 18:31 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-1-23 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-23 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-29 917768]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-15 16336416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2011-09-02 21:05:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-02 19:05
ComboFix2.txt 2011-09-02 18:21
.
Před spuštěním: Volných bajtů: 447 032 664 064
Po spuštění: Volných bajtů: 446 964 174 848
.
- - End Of File - - 74BCA938E960027EBAF526E7B57A2E0F

[chodnik74]

Jak se chová PC?

[jaboos]

No PC se chová normálně, ale pořád mi nenaskočil ten předchozí stav. Jak říkám, je to jak tovární nastavení. Základní ikony, základní velikost ikon a ten jeden oddíl na disku jak kdyby se sloučil s tím základním a data se smazala...

[chodnik74]

Mohl by jste mi pořídit screen problému?

Screenshot. Jak jej vytvorit a zaslat na forum?

[jaboos]

Takhle vypadá plocha

http://img30.imageshack.us/img30/6663/plochar.png

A takhle Tento počítač. V něm byly dva disky. Cca 2x 250 GB , z toho jeden byl skoro plnej...

http://img37.imageshack.us/img37/9137/tentopc.png

[chodnik74]

Mrkneme na disk.. dejte start a klikněte pravým na tento počítač a volbu Spravovat Tam klikněte na Správa disků a vložte mi sem screen

[jaboos]

http://img89.imageshack.us/img89/173/beznzvuuj.png

[chodnik74]

Poradím se s kolegy