Win32/TrojanDownloader.Mebload.Ar trojan

[liki8]

Tak vysledek kombofixu:

ComboFix 12-03-10.01 - Liki8 11.03.2012 8:53.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8106.6636 [GMT 1:00]
Spuštěný z: c:\users\Liki8\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Windows
c:\programdata\Windows\ccdxmmde.dat
c:\programdata\windows\drss.dat
c:\programdata\windows\xessmsxe.dat
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\RPSETUP.EXE.LOG
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-11 do 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 07:57 . 2012-03-11 07:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-11 07:57 . 2012-03-11 07:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 14:15 . 2012-03-11 07:31 -------- d-----w- C:\avast! sandbox
2012-03-09 08:02 . 2012-03-09 08:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 06:27 . 2012-02-20 00:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0442C01-336E-4A66-9816-C6E0018043BB}\mpengine.dll
2012-03-08 22:53 . 2012-03-08 23:10 -------- d-----w- c:\program files\trend micro
2012-03-08 22:53 . 2012-03-08 23:03 -------- d-----w- C:\rsit
2012-03-08 22:45 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-08 22:45 . 2012-03-11 07:43 -------- d-----w- c:\programdata\AVAST Software
2012-03-08 22:45 . 2012-03-08 22:45 -------- d-----w- c:\program files\AVAST Software
2012-03-05 08:50 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2012-03-05 08:50 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-03-05 08:50 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2012-03-05 08:50 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2012-03-05 08:50 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2012-03-05 08:50 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2012-03-05 08:50 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2012-03-05 08:50 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2012-03-05 08:50 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2012-03-05 08:50 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2012-03-05 08:50 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2012-03-04 16:15 . 2012-03-04 16:15 -------- d-----w- c:\programdata\TSplines
2012-03-03 22:30 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-02 16:50 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-03-02 16:50 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-03-02 16:50 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-03-02 16:50 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-03-02 07:09 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-02 07:09 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-03-02 07:09 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-02 07:09 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-03-01 20:15 . 2008-05-27 07:34 200704 ----a-w- c:\windows\SysWow64\BongoSDK.10.v40.dll
2012-03-01 20:15 . 2012-03-01 20:23 -------- d-----w- c:\programdata\ASGvis
2012-03-01 20:13 . 2012-03-01 20:13 -------- d-----w- c:\program files (x86)\AsuniCAD
2012-03-01 20:13 . 2012-03-01 20:13 -------- d-----w- c:\program files (x86)\Common Files\AsuniCAD
2012-03-01 19:57 . 2012-03-01 19:57 -------- d-----w- c:\program files (x86)\TeamViewer
2012-03-01 19:52 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-03-01 19:24 . 2012-03-02 16:31 -------- d-----w- c:\programdata\McNeel
2012-03-01 18:44 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-01 18:27 . 2012-03-01 18:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-01 18:25 . 2005-03-12 00:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-03-01 18:25 . 1998-06-24 00:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-03-01 18:25 . 1998-07-06 00:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-03-01 18:25 . 2012-03-01 18:25 -------- d-----w- c:\program files (x86)\PDFCreator
2012-03-01 18:21 . 2012-03-01 18:22 -------- d-----w- C:\totalcmd
2012-03-01 16:48 . 2012-03-01 16:48 -------- d-----w- c:\program files (x86)\Common Files\McNeel Shared
2012-03-01 16:48 . 2012-03-05 22:30 -------- d-----w- c:\program files (x86)\Rhinoceros 4.0
2012-03-01 16:36 . 2012-03-01 16:36 -------- d-----w- c:\program files (x86)\PowerISO
2012-03-01 16:36 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-03-01 15:36 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-01 15:36 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 15:26 . 2012-03-01 15:32 -------- d-----w- c:\programdata\FLEXnet
2012-03-01 15:13 . 2012-03-01 15:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-03-01 15:11 . 2012-03-01 15:15 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-03-01 15:11 . 2012-03-01 15:15 -------- d-----w- c:\program files\Autodesk
2012-03-01 15:11 . 2012-03-01 15:11 -------- d-----w- c:\program files (x86)\Autodesk
2012-03-01 15:10 . 2012-03-01 15:15 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-03-01 15:10 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-03-01 15:10 . 2009-09-04 16:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-03-01 15:10 . 2009-09-04 16:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-03-01 15:10 . 2009-09-04 16:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-03-01 15:07 . 2012-03-01 16:03 -------- d-----w- c:\programdata\Autodesk
2012-03-01 13:35 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-03-01 13:35 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-03-01 13:24 . 2012-03-01 13:24 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-01 13:19 . 2012-03-01 13:21 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-01 13:18 . 2012-03-01 13:18 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-03-01 10:51 . 2012-03-01 10:51 -------- d-----w- c:\program files (x86)\Aspyr
2012-03-01 09:25 . 2012-03-01 09:25 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-03-01 09:24 . 2012-03-01 09:24 -------- d-----w- c:\program files (x86)\Common Files\Corel
2012-03-01 09:23 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-01 08:44 . 2012-03-06 08:23 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-03-01 08:44 . 2012-03-01 09:30 88 --sh--r- c:\programdata\29EB0E31F3.sys
2012-03-01 08:43 . 2012-03-01 09:25 -------- d-----w- c:\programdata\Corel
2012-03-01 08:40 . 2012-03-01 08:40 -------- d-----w- c:\program files (x86)\Corel
2012-03-01 08:16 . 2012-03-01 08:16 -------- d-----w- c:\program files (x86)\VideoLAN
2012-03-01 07:59 . 2012-03-01 07:59 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-03-01 07:59 . 2012-03-01 07:59 -------- d-----w- c:\windows\PCHEALTH
2012-03-01 07:58 . 2012-03-01 07:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-03-01 07:58 . 2012-03-01 07:58 -------- d-----r- C:\MSOCache
2012-03-01 07:51 . 2010-04-06 19:30 138776 ----a-r- c:\windows\SysWow64\TWAINDSM.dll
2012-03-01 07:51 . 2012-03-01 07:51 -------- d-----w- c:\program files\Scan Assistant
2012-03-01 07:49 . 2009-11-19 09:19 27648 ----a-w- c:\windows\system32\ssb3ml6.dll
2012-03-01 07:49 . 2009-11-19 09:18 151552 ----a-w- c:\windows\system32\ssb3mci.exe
2012-03-01 07:49 . 2009-11-19 09:18 89600 ----a-w- c:\windows\system32\ssb3mci.dll
2012-03-01 07:48 . 2012-03-01 07:48 -------- d-----w- c:\program files (x86)\Samsung
2012-03-01 07:47 . 2009-10-28 05:09 11576 ------w- c:\windows\SysWow64\drivers\SSPORT.SYS
2012-03-01 07:42 . 2012-03-01 07:42 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-01 07:39 . 2008-05-02 01:46 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2012-03-01 07:39 . 2008-05-02 01:47 235536 ----a-w- c:\windows\system32\kemutb.dll
2012-03-01 07:39 . 2008-05-02 01:47 95760 ----a-w- c:\windows\system32\KemXML.dll
2012-03-01 07:39 . 2008-05-02 01:47 158736 ----a-w- c:\windows\system32\KemWnd.dll
2012-03-01 07:39 . 2008-05-02 01:47 232976 ----a-w- c:\windows\system32\KemUtil.dll
2012-03-01 07:38 . 2012-03-01 07:42 -------- d-----w- c:\programdata\Logitech
2012-03-01 07:38 . 2012-03-01 07:39 -------- d-----w- c:\program files\Common Files\Logishrd
2012-03-01 07:38 . 2012-03-01 17:05 -------- d-----w- c:\program files\Logitech
2012-03-01 07:38 . 2012-03-01 07:38 -------- d-----w- c:\programdata\LogiShrd
2012-03-01 07:17 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-01 07:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-01 06:37 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-01 06:37 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-01 06:37 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-03-01 06:30 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-01 06:30 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 06:30 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-01 06:30 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-03-01 06:30 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-01 06:30 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-03-01 06:30 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-03-01 06:30 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-03-01 06:30 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-03-01 06:30 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-01 06:30 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-03-01 06:27 . 2012-03-01 06:27 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-01 06:27 . 2012-03-01 06:27 -------- d-----w- c:\windows\system32\Wat
2012-03-01 06:24 . 2012-03-01 06:24 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-03-01 05:54 . 2011-09-16 07:00 545 ----a-w- c:\windows\UC.PIF
2012-03-01 05:54 . 2011-09-16 07:00 545 ----a-w- c:\windows\RAR.PIF
2012-03-01 05:54 . 2011-09-16 07:00 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-01 05:54 . 2011-09-16 07:00 545 ----a-w- c:\windows\LHA.PIF
2012-03-01 05:54 . 2011-09-16 07:00 545 ----a-w- c:\windows\ARJ.PIF
2012-03-01 05:45 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-03-01 05:45 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-29 14:05 . 2012-02-29 14:05 -------- d-----w- c:\program files (x86)\Conduit
2012-02-29 14:05 . 2012-02-29 14:05 -------- d-----w- c:\program files (x86)\uTorrentControl2
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 12:32 . 2011-09-30 18:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-29 10:44 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-10-28 618496]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-3-1 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-21 378472]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-13 2984832]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 AMPPAL;Virtu?ln? adapt?r Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-01 1431888]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Liki8\AppData\Roaming\Mozilla\Firefox\Profiles\15nz1fi4.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"ProductCode"="{294B98CF-EE0B-48AF-9353-233ADB99DE87}"
"PackageFeatures"=dword:00000003
"ProductACode"=dword:0000006e
"ProductBase"=dword:00000001
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="5.0.65.0"
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"UniqueId"="00035AFB4F4E07B9"
"ScannerBuild"=dword:000023a0
"ScannerVersionId"=dword:000017a8
"ScannerVersion"="Locked/open ESET for status."
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-03-11 08:59:37
ComboFix-quarantined-files.txt 2012-03-11 07:59
.
Před spuštěním: Volných bajtů: 548 719 996 928
Po spuštění: Volných bajtů: 550 374 666 240
.
- - End Of File - - E3B1FB140CAE7AD02A545906E78DDBA5

[liki8]

Dekuji za goldmemory. Perfektni programek. Mel jsem akorat problem pri zjisteni velikosti RAM, kde pri nastaveni Bios byla najita vysledna hodnota 3GB (ja mam 2x4GB). Pri auto nastaveni se stale zobrazovalo checking a nepohlo se to ani po dlouhe dobe. Nechal jsem tedy program bezet pri nastaveni Bios a nalezeno nebylo nic. Coz je myslim neprukazne ze?

[motji]

Na ty RAM se zeptám kolegy

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"=-
[-HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"=-
[-HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.euro.dell.com/content/defau ... l=cs&s=bsd
mLocal Page = c:\windows\SysWOW64\blank.htm

FF - ProfilePath - c:\users\Liki8\AppData\Roaming\Mozilla\Firefox\Profiles\15nz1fi4.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[liki8]

Jestli mohu k tem RAM. Urcite jsem to zminil, ale byla mi menena zakladni deska a ram mam dokoupene po konzultaci s podporou dell (kingston 1333MHz, CL9, 2x4GB). Projevovali se obecnym zpomalenim systemu. Po vymene vse utichlo. Ted mi zase nebezi ukazatele hlasitosti, spousteci dotykova tlacitka ruznach fci. ... Samozrejme nevim, jestli to ma spojitost. Dekuji

[motji]

A to Vám nejde po té výměně nebo až později?

[liki8]

To zpomaleni byl duvod vymeny desky, protoze se doslo k zaveru ze Ramkami to neni. Ale ty tlacitka mi nebezi asi posledni dvy nebo tri dny.


ComboFix 12-03-10.01 - Liki8 11.03.2012 21:56:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8106.6214 [GMT 1:00]
Spuštěný z: c:\users\Liki8\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Liki8\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-11 do 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 21:01 . 2012-03-11 21:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-11 21:01 . 2012-03-11 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-11 08:08 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-11 08:08 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-11 08:08 . 2012-03-07 00:04 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-03-11 08:08 . 2012-03-07 00:03 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-03-11 08:08 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-11 08:08 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-11 08:08 . 2012-03-07 00:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-03-11 08:08 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-11 08:08 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-11 08:08 . 2012-03-06 23:44 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-03-11 08:08 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-11 08:08 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-09 08:02 . 2012-03-09 08:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 06:27 . 2012-02-20 00:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0442C01-336E-4A66-9816-C6E0018043BB}\mpengine.dll
2012-03-08 22:53 . 2012-03-08 23:10 -------- d-----w- c:\program files\trend micro
2012-03-08 22:53 . 2012-03-08 23:03 -------- d-----w- C:\rsit
2012-03-08 22:45 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-08 22:45 . 2012-03-11 08:07 -------- d-----w- c:\programdata\AVAST Software
2012-03-08 22:45 . 2012-03-11 08:07 -------- d-----w- c:\program files\AVAST Software
2012-03-05 08:50 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2012-03-05 08:50 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-03-05 08:50 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2012-03-05 08:50 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2012-03-05 08:50 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2012-03-05 08:50 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2012-03-05 08:50 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2012-03-05 08:50 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2012-03-05 08:50 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2012-03-05 08:50 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2012-03-05 08:50 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2012-03-04 16:15 . 2012-03-04 16:15 -------- d-----w- c:\programdata\TSplines
2012-03-03 22:30 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-02 16:50 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-03-02 16:50 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-03-02 16:50 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-03-02 16:50 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-03-02 07:09 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-02 07:09 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-03-02 07:09 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-02 07:09 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-03-01 20:15 . 2008-05-27 07:34 200704 ----a-w- c:\windows\SysWow64\BongoSDK.10.v40.dll
2012-03-01 20:15 . 2012-03-01 20:23 -------- d-----w- c:\programdata\ASGvis
2012-03-01 20:13 . 2012-03-01 20:13 -------- d-----w- c:\program files (x86)\AsuniCAD
2012-03-01 20:13 . 2012-03-01 20:13 -------- d-----w- c:\program files (x86)\Common Files\AsuniCAD
2012-03-01 19:57 . 2012-03-01 19:57 -------- d-----w- c:\program files (x86)\TeamViewer
2012-03-01 19:52 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-03-01 19:24 . 2012-03-02 16:31 -------- d-----w- c:\programdata\McNeel
2012-03-01 18:44 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-01 18:27 . 2012-03-01 18:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-01 18:25 . 2005-03-12 00:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-03-01 18:25 . 1998-06-24 00:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-03-01 18:25 . 1998-07-06 00:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-03-01 18:25 . 2012-03-01 18:25 -------- d-----w- c:\program files (x86)\PDFCreator
2012-03-01 18:21 . 2012-03-01 18:22 -------- d-----w- C:\totalcmd
2012-03-01 16:48 . 2012-03-01 16:48 -------- d-----w- c:\program files (x86)\Common Files\McNeel Shared
2012-03-01 16:48 . 2012-03-05 22:30 -------- d-----w- c:\program files (x86)\Rhinoceros 4.0
2012-03-01 16:36 . 2012-03-01 16:36 -------- d-----w- c:\program files (x86)\PowerISO
2012-03-01 16:36 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-03-01 15:36 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-01 15:36 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 15:26 . 2012-03-01 15:32 -------- d-----w- c:\programdata\FLEXnet
2012-03-01 15:13 . 2012-03-01 15:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-03-01 15:11 . 2012-03-01 15:15 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-03-01 15:11 . 2012-03-01 15:15 -------- d-----w- c:\program files\Autodesk
2012-03-01 15:11 . 2012-03-01 15:11 -------- d-----w- c:\program files (x86)\Autodesk
2012-03-01 15:10 . 2012-03-01 15:15 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-03-01 15:10 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-03-01 15:10 . 2009-09-04 16:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-03-01 15:10 . 2009-09-04 16:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-03-01 15:10 . 2009-09-04 16:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-03-01 15:07 . 2012-03-01 16:03 -------- d-----w- c:\programdata\Autodesk
2012-03-01 13:35 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-03-01 13:35 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-03-01 13:24 . 2012-03-01 13:24 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-01 13:19 . 2012-03-01 13:21 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-01 13:18 . 2012-03-01 13:18 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-03-01 10:51 . 2012-03-01 10:51 -------- d-----w- c:\program files (x86)\Aspyr
2012-03-01 09:25 . 2012-03-01 09:25 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-03-01 09:24 . 2012-03-01 09:24 -------- d-----w- c:\program files (x86)\Common Files\Corel
2012-03-01 09:23 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-01 08:44 . 2012-03-06 08:23 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-03-01 08:44 . 2012-03-01 09:30 88 --sh--r- c:\programdata\29EB0E31F3.sys
2012-03-01 08:43 . 2012-03-01 09:25 -------- d-----w- c:\programdata\Corel
2012-03-01 08:40 . 2012-03-01 08:40 -------- d-----w- c:\program files (x86)\Corel
2012-03-01 08:16 . 2012-03-01 08:16 -------- d-----w- c:\program files (x86)\VideoLAN
2012-03-01 07:59 . 2012-03-01 07:59 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-03-01 07:59 . 2012-03-01 07:59 -------- d-----w- c:\windows\PCHEALTH
2012-03-01 07:58 . 2012-03-01 07:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-03-01 07:58 . 2012-03-01 07:58 -------- d-----r- C:\MSOCache
2012-03-01 07:51 . 2010-04-06 19:30 138776 ----a-r- c:\windows\SysWow64\TWAINDSM.dll
2012-03-01 07:51 . 2012-03-01 07:51 -------- d-----w- c:\program files\Scan Assistant
2012-03-01 07:49 . 2009-11-19 09:19 27648 ----a-w- c:\windows\system32\ssb3ml6.dll
2012-03-01 07:49 . 2009-11-19 09:18 151552 ----a-w- c:\windows\system32\ssb3mci.exe
2012-03-01 07:49 . 2009-11-19 09:18 89600 ----a-w- c:\windows\system32\ssb3mci.dll
2012-03-01 07:48 . 2012-03-01 07:48 -------- d-----w- c:\program files (x86)\Samsung
2012-03-01 07:47 . 2009-10-28 05:09 11576 ------w- c:\windows\SysWow64\drivers\SSPORT.SYS
2012-03-01 07:42 . 2012-03-01 07:42 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-01 07:39 . 2008-05-02 01:46 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2012-03-01 07:39 . 2008-05-02 01:47 235536 ----a-w- c:\windows\system32\kemutb.dll
2012-03-01 07:39 . 2008-05-02 01:47 95760 ----a-w- c:\windows\system32\KemXML.dll
2012-03-01 07:39 . 2008-05-02 01:47 158736 ----a-w- c:\windows\system32\KemWnd.dll
2012-03-01 07:39 . 2008-05-02 01:47 232976 ----a-w- c:\windows\system32\KemUtil.dll
2012-03-01 07:38 . 2012-03-01 07:42 -------- d-----w- c:\programdata\Logitech
2012-03-01 07:38 . 2012-03-01 07:39 -------- d-----w- c:\program files\Common Files\Logishrd
2012-03-01 07:38 . 2012-03-01 17:05 -------- d-----w- c:\program files\Logitech
2012-03-01 07:38 . 2012-03-01 07:38 -------- d-----w- c:\programdata\LogiShrd
2012-03-01 07:17 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-01 07:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-01 06:37 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-01 06:37 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-01 06:37 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-03-01 06:30 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-01 06:30 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 06:30 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-01 06:30 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-03-01 06:30 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-01 06:30 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-03-01 06:30 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-03-01 06:30 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-03-01 06:30 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-03-01 06:30 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-01 06:30 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-03-01 06:27 . 2012-03-01 06:27 -------- d-----w- c:\windows\SysWow64\Wat
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 12:32 . 2011-09-30 18:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-29 10:44 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-11_07.58.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-11 07:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-11 19:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-11 07:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-11 19:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-11 07:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-11 19:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-03-11 19:56 57422 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-11 19:56 43992 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2012-03-08 22:45 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-03-11 08:08 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-03-11 08:08 . 2012-03-06 23:44 12368 c:\windows\system32\DriverStore\FileRepository\aswndispt.inf_amd64_neutral_f73b19d2ccf2ed02\aswNdis.sys
- 2012-03-08 22:45 . 2012-03-06 23:44 12368 c:\windows\system32\DriverStore\FileRepository\aswndispt.inf_amd64_neutral_f73b19d2ccf2ed02\aswNdis.sys
+ 2012-02-29 08:14 . 2012-03-11 08:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-29 08:14 . 2012-03-07 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-29 08:14 . 2012-03-11 08:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-29 08:14 . 2012-03-07 17:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-07 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-11 08:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-11 19:46 99680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-29 10:42 . 2012-03-11 19:56 8728 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-727353816-1817748410-2715247838-1001_UserData.bin
+ 2012-03-11 19:54 . 2012-03-11 19:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-11 07:50 . 2012-03-11 07:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-11 19:54 . 2012-03-11 19:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-11 07:50 . 2012-03-11 07:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-29 21:43 . 2012-03-11 13:47 276218 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-11 07:05 652174 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-11 10:13 652174 c:\windows\system32\perfh009.dat
+ 2010-11-21 09:27 . 2012-03-11 10:13 666470 c:\windows\system32\perfh005.dat
- 2010-11-21 09:27 . 2012-03-11 07:05 666470 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-03-11 10:13 121106 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-11 07:05 121106 c:\windows\system32\perfc009.dat
+ 2010-11-21 09:27 . 2012-03-11 10:13 140134 c:\windows\system32\perfc005.dat
- 2010-11-21 09:27 . 2012-03-11 07:05 140134 c:\windows\system32\perfc005.dat
- 2009-07-14 05:30 . 2012-03-08 22:45 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-11 08:08 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-11 08:08 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-03-08 22:45 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-03-11 19:53 564008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-11 07:47 564008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-29 12:32 . 2012-03-11 19:53 6234924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-727353816-1817748410-2715247838-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-10-28 618496]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-3-1 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-01 1431888]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-07 134920]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-21 378472]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-13 2984832]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Virtu?ln? adapt?r Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Liki8\AppData\Roaming\Mozilla\Firefox\Profiles\15nz1fi4.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"ProductCode"="{294B98CF-EE0B-48AF-9353-233ADB99DE87}"
"PackageFeatures"=dword:00000003
"ProductACode"=dword:0000006e
"ProductBase"=dword:00000001
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="5.0.65.0"
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"UniqueId"="00035AFB4F4E07B9"
"ScannerBuild"=dword:000023a0
"ScannerVersionId"=dword:000017a8
"ScannerVersion"="Locked/open ESET for status."
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-03-11 22:03:07
ComboFix-quarantined-files.txt 2012-03-11 21:03
ComboFix2.txt 2012-03-11 07:59
.
Před spuštěním: Volných bajtů: 558 742 290 432
Po spuštění: Volných bajtů: 558 447 353 856
.
- - End Of File - - 0458EA9F06FA72AB80D0F9AEC58686A4

[liki8]

Jednu vec jsem opmnel. Zpomaleni systemu se delo, jak s originalnimi Ram, tak i s nove dokoupeny.

[motji]

Log je v pořádku, ted to vypadá jak? Kolega se tu zatím neukázal, čekám na něj

[liki8]

Antivirus nic nehlasi. Krome hlasek podezreni na bluetooth, ktere nakonec vyhodnoti jako nezavadne. Nefunguji mi dotykova tlacitka a ukazatele hlasitosti, jasu displaye ... Myslim, ze internet, ktery byl zpomaleny po ociste uz neni. Jinak jsem uz take asi trochu ve strehu, protoze od zacatku NTB a nejake problemy at mensi ci vetsi. (Dell xps l502x)

[motji]

Vydržte, kolega se na to zítra mrkne. Pokud by se do čtvrtka neozval, napište zde, ať se připomenete

[liki8]

Dekuji, pripadne se ozvu!

[MiliNess]

Dobrý den, ty BSOD byly opravdu způsobeny kolizí ovladačů filtru Avastu a MBAM. Pokud jste to ještě neudělal, doporučuji odinstalovat MBAM nebo alespoň deaktivivat rezidentní kontrolu.
Co se týká nefunkčnosti těch funkčních tlačítek, řešení záleží na výrobci notebooku. Co to máte za značku?

[liki8]

Dobry vecer! Odinstalovat MBAM me take napodlo. Combofix fungoval. Ale nefunguje Goldmemory, ktery nenacte spravne velikost Ram ani pri AUTO nastaveni. Pri auto ani po dveceti minutach neni spusten test. Vyndal jsem jednu pamet (mam 2x4GB), jestli nahodou nenacte alespon pameti samostatne. Nic se nedelo, stale pri starem. Co se tyce NTB mam Del XPS l502x. Tlacitka prestaly fungovat myslim po testu Combofixu. O tlacitka celkem nejde (reinstalace systemu vzdy pomuze), hlavne, ze je vir pryc. Spise mi jde o Ram, jestli jsou v poradku. Dekuji

[MiliNess]

Zkuste jinou verzi GoldMemory, eventuelně Memtest.

[liki8]

Co jsem pochopil, tak Gold Memory je delany na 32bitove verze a at jsem hledal kdekoliv, nenasel jsem podporu pro Win7. (vim, ze pracuje nezavisle na operacnim systemu) Zkusil jsem druhy navrhovany software, ktery vse identifikoval bez problemu. Chybu nenasel zadnou po trech cyklech. Myslite, ze by vse mohlo byt OK? Dekuji