
PC virus removal, computer speed-up, remote help through the neslape.cz service
Double typing
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I have one problem... instead of carons or acute accents I always end up typing ˇˇd or ´´o. I suspect it will be some kind of virus.
Thanks, Drago125
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2011-11-26 13:53:08
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 31 GB (26%) free of 119 GB
Total RAM: 4095 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:14, on 26.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\nvSCPAPISvr.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Pavel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: sfklg.dll C:\Windows\SysWOW64\guard32.dll
O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSID618.tmp
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13773 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe"
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\Installer\MSID618.tmp" -service
"C:\Windows\system32\Dwm.exe"
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
ATKOSD.exe
KBFiltr.exe
"taskhost.exe"
WDC.exe
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\SysWOW64\nvSCPAPISvr.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 3456
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\explorer.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=9684.6547b50.981848976 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.8.0 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 9684 "\\.\pipe\gecko-crash-server-pipe.9684" plugin
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe32_ Global\UsGthrCtrlFltPipeMssGthrPipe32 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Pavel\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1056597736-3199337290-1037922683-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1056597736-3199337290-1037922683-1001UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\sh8jhgzs.default
prefs.js - "browser.startup.homepage" - "seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\sh8jhgzs.default\extensions\
battlefieldplay4free@ea.com
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-07-11 386264]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2010-03-16 1754448]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-12-11 16414824]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-10-20 9264456]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-10-11 3077528]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-05-28 3054136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe [2011-09-29 243360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-21 9639424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~2\Toshiba\BLUETO~1\TosBtMng.exe [2009-08-01 2680160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe [2011-07-29 442880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pavel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Boingo Wi-Fi"=C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2010-05-28 2429]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-27 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-20 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-07-11 273544]
"NPSStartup"= []
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"COMODO"=C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [2011-05-26 213304]
"CPA"=C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [2011-05-26 184120]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RGSC"=D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll [2010-01-28 104448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-11-24 19:08:43 ----D---- C:\Users\Pavel\AppData\Roaming\TS3Client
2011-11-24 19:07:40 ----D---- C:\Program Files\TeamSpeak 3 Client
2011-11-23 18:23:09 ----D---- C:\Users\Pavel\AppData\Roaming\SWF.max
2011-11-23 18:22:42 ----D---- C:\Program Files (x86)\SWF.max
2011-11-23 15:43:40 ----D---- C:\ProgramData\IObit
2011-11-23 15:43:40 ----D---- C:\Program Files (x86)\IObit
2011-11-23 07:42:35 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-11-23 07:42:35 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-11-23 07:42:35 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-11-23 07:42:35 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-11-23 07:42:35 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-11-23 07:42:35 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-11-23 07:42:34 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2011-11-23 07:42:34 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-11-23 07:42:34 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-11-23 07:42:34 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-11-23 07:42:33 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-11-23 07:42:33 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-11-23 07:42:33 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-11-23 07:42:33 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-11-23 07:42:29 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-11-23 07:42:29 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-11-23 07:42:29 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-11-23 07:42:29 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-11-23 07:42:28 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-11-23 07:42:28 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-11-23 07:42:27 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-11-23 07:42:27 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-11-23 07:42:26 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2011-11-23 07:42:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2011-11-23 07:42:26 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-11-23 07:42:26 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-11-23 07:42:25 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-11-23 07:42:25 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-11-23 07:42:24 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-11-23 07:42:24 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2011-11-23 07:42:24 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-11-23 07:42:24 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-11-23 07:42:23 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-11-23 07:42:23 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-11-23 07:42:23 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-11-23 07:42:23 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-11-23 07:42:22 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-11-23 07:42:22 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-11-23 07:42:22 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-11-23 07:42:22 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-11-23 07:42:20 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-11-23 07:42:20 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-11-23 07:42:19 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-11-23 07:42:19 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-11-23 07:42:19 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-11-23 07:42:19 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-11-23 07:42:19 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-11-23 07:42:19 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-11-23 07:42:18 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-11-23 07:42:18 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-11-23 07:42:17 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-11-23 07:42:17 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-11-23 07:42:17 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-11-23 07:42:17 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-11-23 07:42:17 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-11-23 07:42:17 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-11-23 07:42:14 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-11-23 07:42:14 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-11-23 07:42:14 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-11-23 07:42:14 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-11-23 07:42:14 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-11-23 07:42:14 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-11-23 07:42:13 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-11-23 07:42:13 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-11-23 07:42:12 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-11-23 07:42:12 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-11-23 07:42:12 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-11-23 07:42:12 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-11-23 07:42:11 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-11-23 07:42:11 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-11-23 07:42:10 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-11-23 07:42:10 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-11-23 07:42:10 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-11-23 07:42:10 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-11-23 07:42:10 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-11-23 07:42:10 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-11-23 07:42:08 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-11-23 07:42:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-11-23 07:42:08 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-11-23 07:42:08 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-11-23 07:42:07 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-11-23 07:42:07 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-11-23 07:42:06 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-11-23 07:42:06 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-11-23 07:42:05 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-11-23 07:42:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-11-23 07:42:05 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-11-23 07:42:05 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-11-23 07:42:04 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-11-23 07:42:04 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-11-23 07:42:03 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-11-23 07:42:03 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-11-23 07:42:02 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-11-23 07:42:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-11-23 07:42:02 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-11-23 07:42:02 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-11-23 07:42:01 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-11-23 07:42:01 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-11-23 07:42:00 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-11-23 07:42:00 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-11-23 07:42:00 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-11-23 07:42:00 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-11-23 07:42:00 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-11-23 07:42:00 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-11-23 07:41:59 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-11-23 07:41:59 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-11-23 07:41:58 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-11-23 07:41:58 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2011-11-23 07:41:58 ----A---- C:\Windows\system32\xinput1_3.dll
2011-11-23 07:41:58 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-11-23 07:41:57 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-11-23 07:41:57 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-11-23 07:41:56 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-11-23 07:41:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-11-23 07:41:56 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-11-23 07:41:56 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-11-23 07:41:54 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-11-23 07:41:54 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-11-23 07:41:54 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-11-23 07:41:54 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-11-23 07:41:53 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-11-23 07:41:53 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-11-23 07:41:52 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-11-23 07:41:52 ----A---- C:\Windows\system32\d3dx10.dll
2011-11-23 07:41:51 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2011-11-23 07:41:51 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-11-23 07:41:50 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-11-23 07:41:50 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-11-23 07:41:50 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-11-23 07:41:50 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-11-23 07:41:49 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-11-23 07:41:49 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-11-23 07:41:48 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-11-23 07:41:48 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-11-23 07:41:48 ----A---- C:\Windows\system32\xinput1_2.dll
2011-11-23 07:41:48 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-11-23 07:41:46 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-11-23 07:41:46 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-11-23 07:41:45 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-11-23 07:41:45 ----A---- C:\Windows\system32\xinput1_1.dll
2011-11-23 07:41:44 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-11-23 07:41:44 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-11-23 07:41:34 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-11-23 07:41:34 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-11-23 07:41:33 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-11-23 07:41:33 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-11-23 07:41:33 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-11-23 07:41:33 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-11-23 07:41:31 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-11-23 07:41:31 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-11-23 07:41:30 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-11-23 07:41:30 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-11-23 07:41:28 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-11-23 07:41:28 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-11-23 07:41:27 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-11-23 07:41:27 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-11-23 07:41:25 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-11-23 07:41:25 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-11-23 07:41:23 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-11-23 07:41:23 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-11-20 00:52:16 ----D---- C:\Users\Pavel\AppData\Roaming\.minecraft
2011-11-14 22:39:45 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2011-11-09 16:14:00 ----D---- C:\Program Files (x86)\KGB Archiver
2011-11-09 13:27:30 ----D---- C:\bestgames
2011-11-09 12:13:17 ----D---- C:\ProgramData\BioWare
2011-11-09 11:59:52 ----D---- C:\Windows\SYSWOW64\AGEIA
2011-11-09 11:59:52 ----D---- C:\Program Files (x86)\AGEIA Technologies
2011-11-09 11:59:33 ----D---- C:\ProgramData\Media Center Programs
2011-11-09 09:51:07 ----D---- C:\Program Files (x86)\Governor of Poker 2 Premium Edition
2011-11-09 09:21:12 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-09 09:21:11 ----A---- C:\Windows\system32\win32k.sys
2011-11-09 09:18:45 ----D---- C:\Users\Pavel\AppData\Roaming\YoudaGames
2011-11-08 16:30:53 ----D---- C:\Users\Pavel\AppData\Roaming\GetRightToGo
2011-11-08 16:11:15 ----D---- C:\Users\Pavel\AppData\Roaming\MaskMyIP
2011-11-08 16:11:15 ----D---- C:\ProgramData\MaskMyIP
2011-11-08 16:10:49 ----D---- C:\Program Files (x86)\MaskMyIP
2011-11-08 10:05:49 ----A---- C:\Windows\War3Unin.pif
2011-11-08 10:05:49 ----A---- C:\Windows\War3Unin.exe
2011-11-08 10:05:49 ----A---- C:\Windows\War3Unin.dat
2011-11-08 10:04:50 ----D---- C:\Program Files (x86)\Warcraft III
2011-11-07 16:56:18 ----D---- C:\Program Files (x86)\Your Freedom
2011-11-04 23:06:21 ----D---- C:\Program Files (x86)\Comodo
2011-11-04 22:15:54 ----D---- C:\ProgramData\Blizzard Entertainment
2011-11-02 20:08:26 ----A---- C:\Windows\ODBCINST.INI
2011-11-02 20:07:55 ----D---- C:\Program Files\MySQL
2011-11-02 20:01:49 ----D---- C:\Program Files (x86)\MySQL
2011-11-02 20:01:48 ----D---- C:\ProgramData\MySQL
2011-11-01 11:46:03 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-11-01 11:46:03 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-11-01 11:46:03 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-31 10:28:18 ----D---- C:\Program Files (x86)\rFactor
2011-10-30 21:09:48 ----D---- C:\Program Files\Recuva
2011-10-29 20:13:38 ----D---- C:\Windows\Minidump
2011-10-28 12:32:09 ----D---- C:\Program Files\Bonjour
2011-10-28 12:32:09 ----D---- C:\Program Files (x86)\Bonjour
2011-10-28 12:31:15 ----D---- C:\Program Files (x86)\Apple Software Update
======List of files/folders modified in the last 1 month======
2011-11-26 13:53:12 ----D---- C:\Program Files\trend micro
2011-11-26 13:24:41 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2011-11-26 13:13:37 ----D---- C:\Windows\system32\Tasks
2011-11-26 12:52:28 ----AD---- C:\Windows\System32
2011-11-26 12:52:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-26 12:52:27 ----D---- C:\Windows\inf
2011-11-26 10:59:53 ----D---- C:\Windows\Temp
2011-11-26 10:53:32 ----D---- C:\Windows\system32\config
2011-11-26 10:42:49 ----SHD---- C:\Windows\Installer
2011-11-26 10:42:45 ----D---- C:\Windows\winsxs
2011-11-26 10:42:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-25 15:37:02 ----D---- C:\ProgramData\NVIDIA
2011-11-25 12:58:42 ----D---- C:\Windows\Prefetch
2011-11-25 12:57:47 ----D---- C:\Windows\system32\LogFiles
2011-11-25 12:57:03 ----D---- C:\Windows
2011-11-25 12:07:18 ----D---- C:\Windows\SYSWOW64\drivers
2011-11-24 19:07:40 ----RD---- C:\Program Files
2011-11-24 10:25:50 ----D---- C:\Windows\Logs
2011-11-24 09:50:52 ----D---- C:\Users\Pavel\AppData\Roaming\uTorrent
2011-11-24 09:45:21 ----D---- C:\Windows\SysWOW64
2011-11-23 18:22:42 ----RD---- C:\Program Files (x86)
2011-11-23 15:43:40 ----HD---- C:\ProgramData
2011-11-23 07:41:44 ----RSD---- C:\Windows\assembly
2011-11-20 00:52:09 ----D---- C:\Users\Pavel\AppData\Roaming\Leawo
2011-11-19 18:43:13 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2011-11-15 11:26:39 ----D---- C:\Windows\debug
2011-11-11 12:48:30 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-11-11 12:40:11 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-11-11 09:01:01 ----D---- C:\Program Files\Common Files\System
2011-11-11 09:00:53 ----D---- C:\Windows\system32\catroot
2011-11-10 14:15:56 ----D---- C:\Windows\system32\drivers
2011-11-10 08:24:20 ----D---- C:\Windows\system32\catroot2
2011-11-10 08:21:11 ----A---- C:\Windows\system32\MRT.exe
2011-11-09 20:28:42 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-09 13:30:23 ----A---- C:\Windows\system32\ServiceFilter.ini
2011-11-09 11:35:41 ----D---- C:\Program Files (x86)\Common Files
2011-11-09 09:15:22 ----A---- C:\Windows\system32\AutoRunFilter.ini
2011-11-06 11:55:18 ----D---- C:\Windows\pss
2011-11-05 20:59:23 ----D---- C:\Users\Pavel\AppData\Roaming\Mozilla
2011-11-05 18:38:47 ----D---- C:\Program Files (x86)\Opera
2011-11-04 20:15:21 ----D---- C:\Windows\system32\DriverStore
2011-11-02 20:08:55 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-11-02 20:08:20 ----RSD---- C:\Windows\Fonts
2011-11-01 11:45:56 ----D---- C:\Program Files (x86)\Java
2011-10-31 01:03:44 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2011-10-29 20:15:44 ----D---- C:\Users\Pavel\AppData\Roaming\Apple Computer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 600920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 288088]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 45400]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-10-07 574216]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-10-07 43248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-22 254528]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-10-07 93200]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-29 81768]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-22 2229280]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 28704]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SPUVCbv;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2010-01-31 2495944]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 54664]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2009-07-08 211432]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 94336]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-07-29 58488]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2011-06-02 2156872]
S1 TKFWFV;nProtect Firewall Core Driver ; C:\Windows\system32\TKFWFV64.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dump_wmimmc;dump_wmimmc; \??\D:\AeriaGames\WolfTeam\GameGuard\dump_wmimmc.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 GETPADD64;GETPADD64; \??\C:\Program Files (x86)\ASUS\WinFlash\GETPADD64.SYS [2007-09-04 13880]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-02 4682]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2007-09-17 29184]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2011-07-26 37888]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 TKCtrl;TKCtrl; \??\C:\Windows\syswow64\TKCtrl2k64.sys []
S3 TKFsAvM;TKFsAvM; \??\C:\Windows\syswow64\TKFsAv64.sys []
S3 TkFsFtM;MiniFilter Driver; C:\Windows\syswow64\TKFsFt64.sys []
S3 TKFWVT;TKFWVT; \??\C:\Windows\syswow64\TKFWVT64.sys []
S3 TkIdsVt;TkIdsVt; \??\C:\Windows\syswow64\TkIdsVt64.sys []
S3 TKPcFt;TKPcFt; \??\C:\Windows\syswow64\TKPcFtCb64.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 50664]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 26472]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-11-10 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 2663568]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler; C:\Windows\Installer\MSID618.tmp [2011-06-27 102400]
R2 MySQL55;MySQL55; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=C:\ProgramData\MySQL\MySQL Server 5.5\my.ini MySQL55 []
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-12-11 392296]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-11-11 75136]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-12-11 239208]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-07-20 72704]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-05-08 4100400]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-07-31 192368]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-22 1255736]
-----------------EOF-----------------
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: sfklg.dll C:\Windows\SysWOW64\guard32.dll
O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSID618.tmp
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13773 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe"
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\Installer\MSID618.tmp" -service
"C:\Windows\system32\Dwm.exe"
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
ATKOSD.exe
KBFiltr.exe
"taskhost.exe"
WDC.exe
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\SysWOW64\nvSCPAPISvr.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 3456
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\explorer.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=9684.6547b50.981848976 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.8.0 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 9684 "\\.\pipe\gecko-crash-server-pipe.9684" plugin
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe32_ Global\UsGthrCtrlFltPipeMssGthrPipe32 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Pavel\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1056597736-3199337290-1037922683-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1056597736-3199337290-1037922683-1001UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\sh8jhgzs.default
prefs.js - "browser.startup.homepage" - "seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\sh8jhgzs.default\extensions\
battlefieldplay4free@ea.com
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-07-11 386264]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2010-03-16 1754448]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-12-11 16414824]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-10-20 9264456]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-10-11 3077528]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-05-28 3054136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe [2011-09-29 243360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-21 9639424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~2\Toshiba\BLUETO~1\TosBtMng.exe [2009-08-01 2680160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe [2011-07-29 442880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pavel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Boingo Wi-Fi"=C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2010-05-28 2429]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-27 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-20 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-07-11 273544]
"NPSStartup"= []
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"COMODO"=C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [2011-05-26 213304]
"CPA"=C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [2011-05-26 184120]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RGSC"=D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll [2010-01-28 104448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-11-24 19:08:43 ----D---- C:\Users\Pavel\AppData\Roaming\TS3Client
2011-11-24 19:07:40 ----D---- C:\Program Files\TeamSpeak 3 Client
2011-11-23 18:23:09 ----D---- C:\Users\Pavel\AppData\Roaming\SWF.max
2011-11-23 18:22:42 ----D---- C:\Program Files (x86)\SWF.max
2011-11-23 15:43:40 ----D---- C:\ProgramData\IObit
2011-11-23 15:43:40 ----D---- C:\Program Files (x86)\IObit
2011-11-23 07:42:35 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-11-23 07:42:35 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-11-23 07:42:35 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-11-23 07:42:35 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-11-23 07:42:35 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-11-23 07:42:35 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-11-23 07:42:34 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2011-11-23 07:42:34 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-11-23 07:42:34 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-11-23 07:42:34 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-11-23 07:42:33 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-11-23 07:42:33 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-11-23 07:42:33 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-11-23 07:42:33 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-11-23 07:42:29 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-11-23 07:42:29 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-11-23 07:42:29 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-11-23 07:42:29 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-11-23 07:42:28 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-11-23 07:42:28 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-11-23 07:42:27 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-11-23 07:42:27 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-11-23 07:42:26 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2011-11-23 07:42:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2011-11-23 07:42:26 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-11-23 07:42:26 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-11-23 07:42:25 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-11-23 07:42:25 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-11-23 07:42:24 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-11-23 07:42:24 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2011-11-23 07:42:24 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-11-23 07:42:24 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-11-23 07:42:23 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-11-23 07:42:23 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-11-23 07:42:23 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-11-23 07:42:23 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-11-23 07:42:22 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-11-23 07:42:22 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-11-23 07:42:22 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-11-23 07:42:22 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-11-23 07:42:20 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-11-23 07:42:20 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-11-23 07:42:19 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-11-23 07:42:19 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-11-23 07:42:19 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-11-23 07:42:19 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-11-23 07:42:19 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-11-23 07:42:19 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-11-23 07:42:18 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-11-23 07:42:18 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-11-23 07:42:17 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-11-23 07:42:17 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-11-23 07:42:17 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-11-23 07:42:17 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-11-23 07:42:17 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-11-23 07:42:17 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-11-23 07:42:14 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-11-23 07:42:14 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-11-23 07:42:14 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-11-23 07:42:14 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-11-23 07:42:14 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-11-23 07:42:14 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-11-23 07:42:13 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-11-23 07:42:13 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-11-23 07:42:12 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-11-23 07:42:12 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-11-23 07:42:12 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-11-23 07:42:12 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-11-23 07:42:11 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-11-23 07:42:11 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-11-23 07:42:10 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-11-23 07:42:10 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-11-23 07:42:10 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-11-23 07:42:10 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-11-23 07:42:10 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-11-23 07:42:10 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-11-23 07:42:08 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-11-23 07:42:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-11-23 07:42:08 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-11-23 07:42:08 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-11-23 07:42:07 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-11-23 07:42:07 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-11-23 07:42:06 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-11-23 07:42:06 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-11-23 07:42:05 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-11-23 07:42:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-11-23 07:42:05 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-11-23 07:42:05 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-11-23 07:42:04 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-11-23 07:42:04 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-11-23 07:42:03 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-11-23 07:42:03 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-11-23 07:42:02 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-11-23 07:42:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-11-23 07:42:02 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-11-23 07:42:02 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-11-23 07:42:01 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-11-23 07:42:01 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-11-23 07:42:00 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-11-23 07:42:00 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-11-23 07:42:00 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-11-23 07:42:00 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-11-23 07:42:00 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-11-23 07:42:00 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-11-23 07:41:59 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-11-23 07:41:59 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-11-23 07:41:58 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-11-23 07:41:58 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2011-11-23 07:41:58 ----A---- C:\Windows\system32\xinput1_3.dll
2011-11-23 07:41:58 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-11-23 07:41:57 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-11-23 07:41:57 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-11-23 07:41:56 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-11-23 07:41:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-11-23 07:41:56 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-11-23 07:41:56 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-11-23 07:41:54 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-11-23 07:41:54 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-11-23 07:41:54 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-11-23 07:41:54 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-11-23 07:41:53 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-11-23 07:41:53 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-11-23 07:41:52 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-11-23 07:41:52 ----A---- C:\Windows\system32\d3dx10.dll
2011-11-23 07:41:51 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2011-11-23 07:41:51 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-11-23 07:41:50 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-11-23 07:41:50 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-11-23 07:41:50 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-11-23 07:41:50 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-11-23 07:41:49 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-11-23 07:41:49 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-11-23 07:41:48 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-11-23 07:41:48 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-11-23 07:41:48 ----A---- C:\Windows\system32\xinput1_2.dll
2011-11-23 07:41:48 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-11-23 07:41:46 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-11-23 07:41:46 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-11-23 07:41:45 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-11-23 07:41:45 ----A---- C:\Windows\system32\xinput1_1.dll
2011-11-23 07:41:44 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-11-23 07:41:44 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-11-23 07:41:34 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-11-23 07:41:34 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-11-23 07:41:33 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-11-23 07:41:33 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-11-23 07:41:33 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-11-23 07:41:33 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-11-23 07:41:31 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-11-23 07:41:31 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-11-23 07:41:30 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-11-23 07:41:30 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-11-23 07:41:28 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-11-23 07:41:28 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-11-23 07:41:27 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-11-23 07:41:27 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-11-23 07:41:25 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-11-23 07:41:25 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-11-23 07:41:23 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-11-23 07:41:23 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-11-20 00:52:16 ----D---- C:\Users\Pavel\AppData\Roaming\.minecraft
2011-11-14 22:39:45 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2011-11-09 16:14:00 ----D---- C:\Program Files (x86)\KGB Archiver
2011-11-09 13:27:30 ----D---- C:\bestgames
2011-11-09 12:13:17 ----D---- C:\ProgramData\BioWare
2011-11-09 11:59:52 ----D---- C:\Windows\SYSWOW64\AGEIA
2011-11-09 11:59:52 ----D---- C:\Program Files (x86)\AGEIA Technologies
2011-11-09 11:59:33 ----D---- C:\ProgramData\Media Center Programs
2011-11-09 09:51:07 ----D---- C:\Program Files (x86)\Governor of Poker 2 Premium Edition
2011-11-09 09:21:12 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-09 09:21:11 ----A---- C:\Windows\system32\win32k.sys
2011-11-09 09:18:45 ----D---- C:\Users\Pavel\AppData\Roaming\YoudaGames
2011-11-08 16:30:53 ----D---- C:\Users\Pavel\AppData\Roaming\GetRightToGo
2011-11-08 16:11:15 ----D---- C:\Users\Pavel\AppData\Roaming\MaskMyIP
2011-11-08 16:11:15 ----D---- C:\ProgramData\MaskMyIP
2011-11-08 16:10:49 ----D---- C:\Program Files (x86)\MaskMyIP
2011-11-08 10:05:49 ----A---- C:\Windows\War3Unin.pif
2011-11-08 10:05:49 ----A---- C:\Windows\War3Unin.exe
2011-11-08 10:05:49 ----A---- C:\Windows\War3Unin.dat
2011-11-08 10:04:50 ----D---- C:\Program Files (x86)\Warcraft III
2011-11-07 16:56:18 ----D---- C:\Program Files (x86)\Your Freedom
2011-11-04 23:06:21 ----D---- C:\Program Files (x86)\Comodo
2011-11-04 22:15:54 ----D---- C:\ProgramData\Blizzard Entertainment
2011-11-02 20:08:26 ----A---- C:\Windows\ODBCINST.INI
2011-11-02 20:07:55 ----D---- C:\Program Files\MySQL
2011-11-02 20:01:49 ----D---- C:\Program Files (x86)\MySQL
2011-11-02 20:01:48 ----D---- C:\ProgramData\MySQL
2011-11-01 11:46:03 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-11-01 11:46:03 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-11-01 11:46:03 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-31 10:28:18 ----D---- C:\Program Files (x86)\rFactor
2011-10-30 21:09:48 ----D---- C:\Program Files\Recuva
2011-10-29 20:13:38 ----D---- C:\Windows\Minidump
2011-10-28 12:32:09 ----D---- C:\Program Files\Bonjour
2011-10-28 12:32:09 ----D---- C:\Program Files (x86)\Bonjour
2011-10-28 12:31:15 ----D---- C:\Program Files (x86)\Apple Software Update
======List of files/folders modified in the last 1 month======
2011-11-26 13:53:12 ----D---- C:\Program Files\trend micro
2011-11-26 13:24:41 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2011-11-26 13:13:37 ----D---- C:\Windows\system32\Tasks
2011-11-26 12:52:28 ----AD---- C:\Windows\System32
2011-11-26 12:52:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-26 12:52:27 ----D---- C:\Windows\inf
2011-11-26 10:59:53 ----D---- C:\Windows\Temp
2011-11-26 10:53:32 ----D---- C:\Windows\system32\config
2011-11-26 10:42:49 ----SHD---- C:\Windows\Installer
2011-11-26 10:42:45 ----D---- C:\Windows\winsxs
2011-11-26 10:42:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-25 15:37:02 ----D---- C:\ProgramData\NVIDIA
2011-11-25 12:58:42 ----D---- C:\Windows\Prefetch
2011-11-25 12:57:47 ----D---- C:\Windows\system32\LogFiles
2011-11-25 12:57:03 ----D---- C:\Windows
2011-11-25 12:07:18 ----D---- C:\Windows\SYSWOW64\drivers
2011-11-24 19:07:40 ----RD---- C:\Program Files
2011-11-24 10:25:50 ----D---- C:\Windows\Logs
2011-11-24 09:50:52 ----D---- C:\Users\Pavel\AppData\Roaming\uTorrent
2011-11-24 09:45:21 ----D---- C:\Windows\SysWOW64
2011-11-23 18:22:42 ----RD---- C:\Program Files (x86)
2011-11-23 15:43:40 ----HD---- C:\ProgramData
2011-11-23 07:41:44 ----RSD---- C:\Windows\assembly
2011-11-20 00:52:09 ----D---- C:\Users\Pavel\AppData\Roaming\Leawo
2011-11-19 18:43:13 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2011-11-15 11:26:39 ----D---- C:\Windows\debug
2011-11-11 12:48:30 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-11-11 12:40:11 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-11-11 09:01:01 ----D---- C:\Program Files\Common Files\System
2011-11-11 09:00:53 ----D---- C:\Windows\system32\catroot
2011-11-10 14:15:56 ----D---- C:\Windows\system32\drivers
2011-11-10 08:24:20 ----D---- C:\Windows\system32\catroot2
2011-11-10 08:21:11 ----A---- C:\Windows\system32\MRT.exe
2011-11-09 20:28:42 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-09 13:30:23 ----A---- C:\Windows\system32\ServiceFilter.ini
2011-11-09 11:35:41 ----D---- C:\Program Files (x86)\Common Files
2011-11-09 09:15:22 ----A---- C:\Windows\system32\AutoRunFilter.ini
2011-11-06 11:55:18 ----D---- C:\Windows\pss
2011-11-05 20:59:23 ----D---- C:\Users\Pavel\AppData\Roaming\Mozilla
2011-11-05 18:38:47 ----D---- C:\Program Files (x86)\Opera
2011-11-04 20:15:21 ----D---- C:\Windows\system32\DriverStore
2011-11-02 20:08:55 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-11-02 20:08:20 ----RSD---- C:\Windows\Fonts
2011-11-01 11:45:56 ----D---- C:\Program Files (x86)\Java
2011-10-31 01:03:44 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2011-10-29 20:15:44 ----D---- C:\Users\Pavel\AppData\Roaming\Apple Computer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 600920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 288088]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 45400]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-10-07 574216]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-10-07 43248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-22 254528]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-10-07 93200]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-29 81768]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-22 2229280]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 28704]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SPUVCbv;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2010-01-31 2495944]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 54664]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2009-07-08 211432]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 94336]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-07-29 58488]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2011-06-02 2156872]
S1 TKFWFV;nProtect Firewall Core Driver ; C:\Windows\system32\TKFWFV64.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dump_wmimmc;dump_wmimmc; \??\D:\AeriaGames\WolfTeam\GameGuard\dump_wmimmc.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 GETPADD64;GETPADD64; \??\C:\Program Files (x86)\ASUS\WinFlash\GETPADD64.SYS [2007-09-04 13880]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-02 4682]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2007-09-17 29184]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2011-07-26 37888]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 TKCtrl;TKCtrl; \??\C:\Windows\syswow64\TKCtrl2k64.sys []
S3 TKFsAvM;TKFsAvM; \??\C:\Windows\syswow64\TKFsAv64.sys []
S3 TkFsFtM;MiniFilter Driver; C:\Windows\syswow64\TKFsFt64.sys []
S3 TKFWVT;TKFWVT; \??\C:\Windows\syswow64\TKFWVT64.sys []
S3 TkIdsVt;TkIdsVt; \??\C:\Windows\syswow64\TkIdsVt64.sys []
S3 TKPcFt;TKPcFt; \??\C:\Windows\syswow64\TKPcFtCb64.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 50664]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 26472]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-11-10 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 2663568]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler; C:\Windows\Installer\MSID618.tmp [2011-06-27 102400]
R2 MySQL55;MySQL55; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=C:\ProgramData\MySQL\MySQL Server 5.5\my.ini MySQL55 []
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-12-11 392296]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-11-11 75136]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-12-11 239208]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; D:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-07-20 72704]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-05-08 4100400]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-07-31 192368]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-22 1255736]
-----------------EOF-----------------
Re: Double typing
Sorry, I have to go to work; I'll be here in the evening.
Re: Double typing
Hello, fix this in HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
You will find HJT here:
C:\Program Files\trend micro\Pavel.exe
Fix means that you run HJT
as admin,
in the window that opens, click Do a system scan only,
in the next window find the lines I listed for you,
next to each of them is a checkbox, which you tick,
then click Fix checked at the bottom left,
the program will ask whether you are sure; YES, you of course agree, and it's done.
Via Remove programs, uninstall Pando Networks (Media Booster, Pando Media Booster)
Delete unnecessary files
using CCleaner
guide:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before use I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Then use Mbam from my signature and post its log here; don't delete anything beforehand!!!
Re: Double typing
Hello... I've done everything now, but the problem persists....
Here is the log from MBAM:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Verze databáze: 8231
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
26.11.2011 18:23:19
mbam-log-2011-11-26 (18-23-19).txt
Typ: Rychlá kontrola
Kontrolované objekty: 173426
Uplynulý čas: 3 minut, 7 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: Double typing
Drago125 wrote: Hello... I've done everything now, but the problem persists....
Well, we haven't finished yet either.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
Then a window with the licence terms appears, which you confirm by clicking YES,
then click YES once more and it's running.
The whole process takes around 10 minutes but may take longer; don't try to run anything else during the scan.
The PC may also be restarted during the scan, don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and antispyware programs,
because ComboFix tries to delete infected files and these programs can block it.
After the scan finishes or after the subsequent restart, the application creates a log, saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
In case anything is unclear, HERE is an illustrated guide.
Re: Double typing
Okay, fine
Just a technical question.... is it normal that for 20 minutes now it has said "Připravuji Log Report" (Preparing Log Report) and nothing is happening?
Re: Double typing
Done, here is the log:
ComboFix 11-11-26.04 - Pavel 26.11.2011 18:43:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2397 [GMT 1:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\sfklg.dll
c:\windows\SysWow64\sfklgcp.exe
c:\windows\wpe pro.INI
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-26 do 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 18:02 . 2011-11-26 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 18:08 . 2011-11-24 21:28 -------- d-----w- c:\users\Pavel\AppData\Roaming\TS3Client
2011-11-24 18:07 . 2011-11-24 18:07 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-11-23 17:23 . 2011-11-25 23:51 -------- d-----w- c:\users\Pavel\AppData\Roaming\SWF.max
2011-11-23 17:22 . 2011-11-23 17:22 -------- d-----w- c:\program files (x86)\SWF.max
2011-11-23 14:43 . 2011-11-23 14:43 -------- d-----w- c:\programdata\IObit
2011-11-23 14:43 . 2011-11-23 14:43 -------- d-----w- c:\program files (x86)\IObit
2011-11-23 06:46 . 2011-11-23 06:46 -------- d-----w- c:\users\Pavel\AppData\Local\Skyrim
2011-11-23 06:41 . 2007-05-16 15:45 1401200 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-11-19 23:52 . 2011-11-21 09:59 -------- d-----w- c:\users\Pavel\AppData\Roaming\.minecraft
2011-11-14 21:39 . 2011-11-14 21:39 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-11-14 21:39 . 2011-11-14 21:39 -------- d-----w- c:\users\Pavel\SystemRequirementsLab
2011-11-10 08:11 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 08:11 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:14 . 2011-11-09 15:14 -------- d-----w- c:\program files (x86)\KGB Archiver
2011-11-09 12:27 . 2011-11-09 12:27 -------- d-----w- C:\bestgames
2011-11-09 11:13 . 2011-11-26 17:36 -------- d-----w- c:\programdata\BioWare
2011-11-09 10:59 . 2011-11-09 10:59 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-11-09 10:59 . 2011-11-09 10:59 -------- d-----w- c:\windows\SysWow64\AGEIA
2011-11-09 10:59 . 2011-11-26 17:35 -------- d-----w- c:\programdata\Media Center Programs
2011-11-09 08:51 . 2011-11-09 08:51 -------- d-----w- c:\program files (x86)\Governor of Poker 2 Premium Edition
2011-11-09 08:21 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 08:21 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 08:18 . 2011-11-09 08:51 -------- d-----w- c:\users\Pavel\AppData\Roaming\YoudaGames
2011-11-08 15:30 . 2011-11-08 15:31 -------- d-----w- c:\users\Pavel\AppData\Roaming\GetRightToGo
2011-11-08 15:11 . 2011-11-08 15:11 -------- d-----w- c:\users\Pavel\AppData\Roaming\MaskMyIP
2011-11-08 15:11 . 2011-11-08 15:11 -------- d-----w- c:\programdata\MaskMyIP
2011-11-08 15:10 . 2011-11-08 15:10 -------- d-----w- c:\program files (x86)\MaskMyIP
2011-11-08 09:05 . 2011-11-08 09:05 2829 ----a-w- c:\windows\War3Unin.pif
2011-11-08 09:05 . 2011-11-08 09:05 126976 ----a-w- c:\windows\War3Unin.exe
2011-11-08 09:04 . 2011-11-08 09:05 -------- d-----w- c:\program files (x86)\Warcraft III
2011-11-07 15:56 . 2011-11-07 15:56 -------- d-----w- c:\users\Pavel\AppData\Local\Your Freedom
2011-11-07 15:56 . 2011-11-07 15:56 -------- d-----w- c:\program files (x86)\Your Freedom
2011-11-04 22:06 . 2011-11-05 20:00 -------- d-----w- c:\users\Pavel\AppData\Local\Comodo
2011-11-04 22:06 . 2011-11-05 20:00 -------- d-----w- c:\program files (x86)\Comodo
2011-11-04 21:15 . 2011-11-04 22:23 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-11-02 19:07 . 2011-11-02 19:08 -------- d-----w- c:\program files\MySQL
2011-11-02 19:01 . 2011-11-02 19:09 -------- d-----w- c:\program files (x86)\MySQL
2011-11-02 19:01 . 2011-11-02 19:07 -------- d-----w- c:\programdata\MySQL
2011-11-01 10:46 . 2011-11-01 10:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-31 09:28 . 2011-11-05 18:48 -------- d-----w- c:\program files (x86)\rFactor
2011-10-30 20:09 . 2011-10-30 20:09 -------- d-----w- c:\program files\Recuva
2011-10-28 11:32 . 2011-10-28 11:32 -------- d-----w- c:\program files\Bonjour
2011-10-28 11:32 . 2011-10-28 11:32 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-28 11:31 . 2011-10-28 11:31 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 11:48 . 2011-06-26 09:52 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-11 11:48 . 2011-06-25 21:03 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-11 11:40 . 2011-06-25 21:03 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-24 19:43 . 2011-10-24 19:43 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-10-24 19:43 . 2011-10-24 19:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-10-20 17:21 . 2011-10-20 17:21 21840 ----a-w- c:\windows\SysWow64\SIntfNT.dll
2011-10-20 17:21 . 2011-10-20 17:21 17212 ----a-w- c:\windows\SysWow64\SIntf32.dll
2011-10-20 17:21 . 2011-10-20 17:21 12067 ----a-w- c:\windows\SysWow64\SIntf16.dll
2011-10-10 08:34 . 2011-06-25 21:03 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-07 16:48 . 2011-10-07 16:48 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 16:47 . 2011-10-07 16:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 16:47 . 2011-10-07 16:47 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 16:47 . 2011-10-07 16:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 16:47 . 2011-10-07 16:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 16:47 . 2011-10-07 16:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll
2011-10-07 16:47 . 2011-10-07 16:47 388280 ----a-w- c:\windows\system32\guard64.dll
2011-10-03 04:06 . 2011-08-22 10:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 09:23 . 2011-07-04 23:27 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24 . 2011-10-13 06:17 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 06:17 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 06:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 06:17 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 06:17 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 06:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 15:00 . 2011-06-25 11:21 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-05-28 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-5-28 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-5-28 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R1 TKFWFV;nProtect Firewall Core Driver ;c:\windows\system32\TKFWFV64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dump_wmimmc;dump_wmimmc;d:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [x]
R3 GETPADD64;GETPADD64;c:\program files (x86)\ASUS\WinFlash\GETPADD64.SYS [2007-09-04 13880]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TKCtrl;TKCtrl;c:\windows\system32\TKCtrl2k64.sys [x]
R3 TKFsAvM;TKFsAvM;c:\windows\system32\TKFsAv64.sys [x]
R3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt64.sys [x]
R3 TKFWVT;TKFWVT;c:\windows\system32\TKFWVT64.sys [x]
R3 TkIdsVt;TkIdsVt;c:\windows\system32\TkIdsVt64.sys [x]
R3 TKPcFt;TKPcFt;c:\windows\system32\TKPcFtCb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSID618.tmp [2011-06-27 102400]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-12-11 239208]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [x]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athwx.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1056597736-3199337290-1037922683-1001Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 23:12]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1056597736-3199337290-1037922683-1001UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 23:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-11 16414824]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\sh8jhgzs.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-Čeština Dragon Age Origins 1.00 - d:\program files (x86)\Dragon Age\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSID618.tmp\" -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\SecuROM\License information*]
"datasecu"=hex:82,de,c1,93,21,72,db,6f,21,6c,4b,76,50,11,c5,f1,28,da,65,a7,2f,
7b,ea,4e,29,4c,0f,b6,77,9a,b1,8a,c3,cf,7a,7e,40,5d,d6,7e,c6,1a,c9,79,0c,02,\
"rkeysecu"=hex:a3,b8,1e,aa,c2,74,db,e0,11,f0,71,43,bd,b0,24,92
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-26 19:29:18
ComboFix-quarantined-files.txt 2011-11-26 18:29
.
Před spuštěním: Volných bajtů: 32 809 771 008
Po spuštění: Volných bajtů: 33 290 403 840
.
- - End Of File - - F9C2A115A03968454CBEB18471D58608
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1056597736-3199337290-1037922683-1001UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 23:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-11 16414824]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\sh8jhgzs.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-Čeština Dragon Age Origins 1.00 - d:\program files (x86)\Dragon Age\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSID618.tmp\" -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1056597736-3199337290-1037922683-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1056597736-3199337290-1037922683-1001\Software\SecuROM\License information*]
"datasecu"=hex:82,de,c1,93,21,72,db,6f,21,6c,4b,76,50,11,c5,f1,28,da,65,a7,2f,
7b,ea,4e,29,4c,0f,b6,77,9a,b1,8a,c3,cf,7a,7e,40,5d,d6,7e,c6,1a,c9,79,0c,02,\
"rkeysecu"=hex:a3,b8,1e,aa,c2,74,db,e0,11,f0,71,43,bd,b0,24,92
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-26 19:29:18
ComboFix-quarantined-files.txt 2011-11-26 18:29
.
Před spuštěním: Volných bajtů: 32 809 771 008
Po spuštění: Volných bajtů: 33 290 403 840
.
- - End Of File - - F9C2A115A03968454CBEB18471D58608
Re: Double typing
Drago125 wrote: Just a technical question.... is it normal that it has been showing "Připravuji Log Report" for 20 minutes already and nothing is happening?
That can happen.
If you have not done so yet, move ComboFix to the desktop
open Notepad
copy the script from the following box into it:
Code: Select all
Folder::
c:\programdata\IObit
c:\program files (x86)\IObit
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will pop out; copy it here
Warning: it may happen that after applying the script and restarting, Windows will not boot;
in that case restart again while pressing F8, then choose Last Known Good Configuration
Re: Double typing
So I don't know what I'm doing wrong....
Whenever I try to run CF with the script by dragging it over, something like an installation appears.... And even when I choose unblock in the properties, only another CF scan starts. I'm running it as administrator but it just doesn't work.. And after every run I have to unblock the file again..... Otherwise all the protections are turned off again...

Re: Double typing
Then let's do it differently.
Via Start >> Run, copy into the box:
ComboFix /Uninstall
and press Enter
This uninstalls ComboFix and deletes its related files and folders.
Use T-Cleaner, which deletes any leftovers of the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Download and run OTMoveIt
into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:
Code: Select all
:processes
explorer.exe
:files
c:\*.tmp
c:\WINDOWS\System32\*.tmp
c:\WINDOWS\*.tmp
c:\programdata\IObit
c:\program files (x86)\IObit
:commands
[purity]
[emptytemp]
[start explorer]
click MoveIt! and information about the performed action will appear in the right green pane of the application; copy the contents of the pane here,
if the application requests a restart, click YES
in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\