PC virus removal, computer speed-up, remote help via the neslape.cz service

A small preventive check

You have no problem with your PC at the moment and just want to make sure everything is fine?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved. The same applies to threads inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: A small preventive check

#46 Post by motji »

:)
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up your important data before disinfecting the computer :!:
Want to support our forum? Information here


I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

tinostar91
Visitor
Posts: 42
Registered: 05 Jan 2012 13:58
Location: Hlboké nad Váhom

Re: A small preventive check

#47 Post by tinostar91 »

Good day. My brother couldn't resist finding out what e-mails I have, so he installed some program called "Password Spectator" to find out my password. I checked ESS and it had detected an infiltration "Win32/InstallCore.D". I uninstalled that program (right after uninstalling it started downloading something, so I cancelled that). A SearchYa toolbar appeared (it is not in the list of programs), even though supposedly nothing said it would install anything like that, so I am posting a log again (after such a short time). By the way, something like this also pops up whenever I change something in Firefox (I haven't clicked any of it so far because it didn't show up before and I don't intend to risk anything; picture attached). I have run MBAM on the PC so far and it found nothing.
//EDIT I uninstalled that SearchYa toolbar in the Firefox add-ons manager.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ok at 2012-06-02 19:24:14
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 176 GB (78%) free of 227 GB
Total RAM: 4092 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:24:19, on 2. 6. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Ok.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchya.com/?chnl=dcom-100&s=0& ... tBtDyCtDtB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odoslať do rozhrania Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odoslať do &Zariadenie s rozhraním Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8284 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 32461584
\??\C:\Windows\system32\conhost.exe "213043373087766412030657918417995661289253955-1327383213-1246169672-652744168
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2836
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\AUDIODG.EXE 0x3b8
"C:\Users\Ok\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default

prefs.js - "browser.startup.homepage" - "about:blank"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default\extensions\
ffxtlbr@searchya.com

C:\Users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default\searchplugins\
searchya.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1889856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1256512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-22 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-22 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2000-01-01 1128448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Ok\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-04-05 17356424]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"DpAgent"=C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [2009-12-01 842816]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Ok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-04-21 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-06-02 18:30:37 ----HD---- C:\ProgramData\Common Files
2012-06-02 18:04:51 ----A---- C:\user.js
2012-06-02 17:52:34 ----D---- C:\Program Files (x86)\Passware
2012-06-02 17:44:46 ----D---- C:\Users\Ok\AppData\Roaming\Passware
2012-05-30 15:48:50 ----D---- C:\Program Files (x86)\SpeedFan
2012-05-30 15:29:24 ----D---- C:\rsit
2012-05-30 15:08:25 ----D---- C:\Program Files\CCleaner
2012-05-28 14:23:40 ----D---- C:\Windows\temp
2012-05-28 14:06:44 ----D---- C:\$RECYCLE.BIN
2012-05-27 09:40:54 ----D---- C:\Program Files (x86)\CrystalDiskInfo
2012-05-26 12:00:23 ----D---- C:\Program Files\trend micro
2012-05-26 10:30:26 ----D---- C:\Users\Ok\AppData\Roaming\Malwarebytes
2012-05-26 10:30:19 ----D---- C:\ProgramData\Malwarebytes
2012-05-26 10:30:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-05-26 10:30:17 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-25 17:59:11 ----D---- C:\Program Files (x86)\Microsoft WSE
2012-05-23 06:16:27 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-05-23 06:16:27 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-05-23 06:16:27 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-05-23 06:16:27 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-05-23 06:16:26 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-05-23 06:16:26 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-05-23 06:16:24 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-05-23 06:16:24 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-05-23 06:16:23 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-05-23 06:16:23 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-05-23 06:16:16 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-05-23 06:16:16 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-05-23 06:14:31 ----D---- C:\Windows\SYSWOW64\directx
2012-05-22 11:44:57 ----D---- C:\Windows\SYSWOW64\Adobe
2012-05-21 08:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-21 08:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-15 18:23:27 ----D---- C:\Users\Ok\AppData\Roaming\.minecraft
2012-05-15 15:42:18 ----D---- C:\Users\Ok\AppData\Roaming\OpenOffice.org
2012-05-15 15:40:29 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2012-05-13 18:46:54 ----D---- C:\Users\Ok\AppData\Roaming\Unity
2012-05-13 17:20:07 ----D---- C:\Program Files (x86)\CarReplacer
2012-05-13 17:19:58 ----N---- C:\Windows\Setup1.exe
2012-05-13 17:19:57 ----A---- C:\Windows\ST6UNST.EXE
2012-05-13 09:26:02 ----D---- C:\Program Files (x86)\NFO Reader
2012-05-12 06:16:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-12 06:16:37 ----A---- C:\Windows\system32\win32k.sys
2012-05-12 06:16:34 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-12 06:16:33 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-12 06:16:18 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-12 06:16:07 ----A---- C:\Windows\system32\DWrite.dll
2012-05-12 06:16:06 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-12 06:16:04 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-08 19:26:27 ----D---- C:\Program Files (x86)\ABCgames Cheater
2012-05-08 16:19:13 ----D---- C:\ProgramData\Electronic Arts
2012-05-08 16:19:13 ----D---- C:\ProgramData\EA Core
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-05-08 15:55:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-05-08 15:55:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-05-08 15:55:46 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-05-08 15:55:44 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-05-08 15:55:44 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-05-08 15:55:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-05-08 15:55:43 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-05-08 15:55:42 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-05-08 15:55:42 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-05-08 15:55:41 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-05-08 15:55:41 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-05-08 15:55:40 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-05-08 15:55:40 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-05-08 15:55:39 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-05-08 15:55:39 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-05-08 15:55:38 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-05-08 15:55:38 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-05-08 15:55:36 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-05-08 15:55:36 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-05-08 15:55:36 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-05-08 15:55:35 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-05-08 15:55:35 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-05-08 15:55:35 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-05-08 15:55:35 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-05-08 15:55:32 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-05-08 15:55:30 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-05-08 15:55:30 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-05-08 15:55:28 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-05-08 15:55:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-05-08 15:55:28 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-05-08 15:55:28 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-05-08 15:55:26 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-05-08 15:55:26 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-05-08 15:55:26 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-05-08 15:55:26 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-05-08 15:55:25 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-05-08 15:55:25 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-05-08 15:55:25 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-05-08 15:55:25 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-05-08 15:55:24 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-05-08 15:55:24 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-05-08 15:55:23 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-05-08 15:55:22 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2012-05-08 15:55:22 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-05-08 15:55:21 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-05-08 15:55:21 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-05-08 15:55:21 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-05-08 15:55:21 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-05-08 15:55:18 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-05-08 15:55:18 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-05-08 15:55:18 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-05-08 15:55:18 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-05-08 15:55:15 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-05-08 15:55:15 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-05-08 15:55:14 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-05-08 15:55:14 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-05-08 15:55:07 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-05-08 15:55:07 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-05-08 15:55:03 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-05-08 15:55:03 ----A---- C:\Windows\system32\xinput1_3.dll
2012-05-08 15:55:02 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2012-05-08 15:55:02 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-05-08 15:54:58 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2012-05-08 15:54:58 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-05-08 15:54:57 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2012-05-08 15:54:57 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-05-08 15:54:57 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-05-08 15:54:57 ----A---- C:\Windows\system32\d3dx10.dll
2012-05-08 15:54:55 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2012-05-08 15:54:55 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2012-05-08 15:54:55 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-05-08 15:54:55 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-05-08 15:54:54 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-05-08 15:54:54 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-05-08 15:54:53 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2012-05-08 15:54:53 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2012-05-08 15:54:53 ----A---- C:\Windows\system32\xinput1_2.dll
2012-05-08 15:54:53 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-05-08 15:54:52 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2012-05-08 15:54:52 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2012-05-08 15:54:52 ----A---- C:\Windows\system32\xinput1_1.dll
2012-05-08 15:54:52 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-05-08 15:54:48 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2012-05-08 15:54:48 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-05-08 15:54:38 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-05-08 15:54:38 ----A---- C:\Windows\system32\d3dx9_30.dll
2012-05-08 15:54:37 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-05-08 15:54:36 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-05-08 15:54:36 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-05-08 15:54:36 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-05-08 15:54:36 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-05-08 15:54:35 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-05-08 15:54:35 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-05-08 15:54:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-05-08 15:54:35 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-05-08 15:54:34 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-05-08 15:54:34 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-05-08 15:54:34 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-05-08 15:53:24 ----D---- C:\ProgramData\Solidshield
2012-05-07 16:18:22 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-05-06 19:55:30 ----D---- C:\ProgramData\MTA San Andreas All
2012-05-05 20:02:52 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2012-06-02 19:12:40 ----D---- C:\Users\Ok\AppData\Roaming\Skype
2012-06-02 18:30:37 ----D---- C:\ProgramData
2012-06-02 18:16:15 ----RD---- C:\Program Files (x86)
2012-06-02 18:09:08 ----D---- C:\Users\Ok\AppData\Roaming\uTorrent
2012-06-02 18:08:56 ----D---- C:\Windows\inf
2012-06-02 18:08:56 ----D---- C:\Windows
2012-06-02 17:53:00 ----D---- C:\Windows\Prefetch
2012-06-02 17:52:24 ----SHD---- C:\Windows\Installer
2012-06-02 17:52:23 ----D---- C:\Config.Msi
2012-06-02 17:52:14 ----SHD---- C:\System Volume Information
2012-06-02 16:11:17 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-06-02 14:11:43 ----D---- C:\Windows\system32\config
2012-06-02 09:24:00 ----D---- C:\Windows\System32
2012-06-02 09:24:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-01 14:14:09 ----D---- C:\Users\Ok\AppData\Roaming\vlc
2012-05-30 15:48:50 ----D---- C:\Windows\SysWOW64
2012-05-30 15:21:03 ----D---- C:\Windows\system32\catroot2
2012-05-30 15:20:01 ----D---- C:\Windows\system32\Tasks
2012-05-30 15:19:31 ----D---- C:\Windows\Tasks
2012-05-30 15:16:42 ----D---- C:\Users\Ok\AppData\Roaming\DAEMON Tools Lite
2012-05-30 15:16:33 ----D---- C:\Windows\Panther
2012-05-30 15:16:33 ----D---- C:\Windows\Logs
2012-05-30 15:16:33 ----D---- C:\Windows\debug
2012-05-30 15:08:25 ----RD---- C:\Program Files
2012-05-30 15:00:47 ----D---- C:\Windows\system32\drivers
2012-05-28 22:06:12 ----D---- C:\Windows\system32\wdi
2012-05-28 14:06:56 ----A---- C:\Windows\system.ini
2012-05-28 14:06:33 ----D---- C:\Windows\system32\drivers\etc
2012-05-28 13:56:14 ----D---- C:\Windows\SYSWOW64\drivers
2012-05-28 13:56:14 ----D---- C:\Windows\AppPatch
2012-05-28 13:56:12 ----D---- C:\Program Files\Common Files
2012-05-28 13:56:12 ----D---- C:\Program Files (x86)\Common Files
2012-05-26 11:39:38 ----D---- C:\Windows\winsxs
2012-05-25 17:59:15 ----RSD---- C:\Windows\assembly
2012-05-25 17:59:12 ----SD---- C:\Users\Ok\AppData\Roaming\Microsoft
2012-05-25 17:51:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-05-19 20:54:01 ----D---- C:\ProgramData\tmp
2012-05-19 20:18:18 ----D---- C:\ProgramData\hps
2012-05-19 18:31:01 ----D---- C:\Program Files (x86)\uTorrent
2012-05-15 15:40:46 ----RSD---- C:\Windows\Fonts
2012-05-14 09:10:33 ----D---- C:\Windows\system32\NDF
2012-05-12 12:36:35 ----D---- C:\Windows\Microsoft.NET
2012-05-12 07:11:53 ----A---- C:\Windows\system32\MRT.exe
2012-05-12 07:08:56 ----D---- C:\Windows\system32\catroot
2012-05-12 07:03:15 ----D---- C:\Program Files\Windows Journal
2012-05-05 21:08:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2000-01-01 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2000-01-01 40064]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2000-01-01 16440]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-24 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-08-21 2769408]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2000-01-01 115216]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 AVerAF15;AVerMedia BDA Digital Tuner; C:\Windows\System32\Drivers\AVerAF15.sys [2008-01-16 369024]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2000-01-01 349736]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2000-01-01 107560]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2000-01-01 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2000-01-01 21416]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 553576]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10329; C:\Windows\system32\DRIVERS\stwrt64.sys [2000-01-01 528384]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2000-01-01 53376]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-03-25 956192]
R2 DpHost;@C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [2009-12-01 322624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10129; C:\Program Files\IDT\WDM\STacSV64.exe [2000-01-01 301568]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2009-07-12 1924400]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1255736]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]

-----------------EOF-----------------
Attachments
Bez názvu.jpg (22.34 KiB) Viewed 722 times

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Minor preventive check-up

#48 Post by motji »

Could you run ComboFix over the PC once more?

tinostar91
Visitor
Posts: 42
Registered: 05 Jan 2012 13:58
Location: Hlboké nad Váhom

Re: Minor preventive check-up

#49 Post by tinostar91 »

That ComboFix must have done something, because before I used it the Windows Defender update would not install, and afterwards it did.

ComboFix 12-06-03.05 - Ok . 06. 2012 9:34.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4092.2891 [GMT 2:00]
Running from: c:\users\Ok\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 07:44 . 2012-06-04 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 07:13 . 2012-02-23 08:18 237072 ------w- c:\windows\SysWow64\MpSigStub.exe
2012-06-02 16:30 . 2012-06-02 16:30 -------- d--h--w- c:\programdata\Common Files
2012-06-02 16:04 . 2012-06-02 16:04 58 ----a-w- C:\user.js
2012-06-02 15:52 . 2012-06-02 17:30 -------- d-----w- c:\program files (x86)\Passware
2012-06-02 15:44 . 2012-06-02 15:44 -------- d-----w- c:\users\Ok\AppData\Roaming\Passware
2012-05-30 20:37 . 2012-05-30 20:37 -------- d-----w- c:\users\Ok\Broadcom
2012-05-30 13:48 . 2012-05-30 13:56 -------- d-----w- c:\program files (x86)\SpeedFan
2012-05-30 13:29 . 2012-05-30 13:29 -------- d-----w- C:\rsit
2012-05-30 13:08 . 2012-05-30 13:08 -------- d-----w- c:\program files\CCleaner
2012-05-30 04:48 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C76323F4-665C-4E3D-8E45-65B2159A343D}\mpengine.dll
2012-05-27 07:40 . 2012-05-27 07:41 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-05-26 10:00 . 2012-06-02 17:24 -------- d-----w- c:\program files\trend micro
2012-05-26 08:30 . 2012-05-26 08:30 -------- d-----w- c:\users\Ok\AppData\Roaming\Malwarebytes
2012-05-26 08:30 . 2012-05-26 08:30 -------- d-----w- c:\programdata\Malwarebytes
2012-05-26 08:30 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-26 08:30 . 2012-05-26 08:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-25 15:59 . 2012-05-25 15:59 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-05-23 04:22 . 2012-05-23 04:22 -------- d-----w- c:\users\Ok\AppData\Local\SniperV2
2012-05-22 09:44 . 2012-05-22 09:44 -------- d-----w- c:\windows\SysWow64\Adobe
2012-05-21 06:42 . 2012-05-21 06:42 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-21 06:42 . 2012-05-21 06:42 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-15 16:23 . 2012-05-17 15:02 -------- d-----w- c:\users\Ok\AppData\Roaming\.minecraft
2012-05-15 13:42 . 2012-05-15 13:42 -------- d-----w- c:\users\Ok\AppData\Roaming\OpenOffice.org
2012-05-15 13:40 . 2012-05-15 13:40 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-05-13 16:46 . 2012-05-13 16:46 -------- d-----w- c:\users\Ok\AppData\Roaming\Unity
2012-05-13 16:31 . 2012-05-13 16:31 -------- d-----w- c:\users\Ok\AppData\Local\Unity
2012-05-13 15:20 . 2012-05-13 15:20 -------- d-----w- c:\program files (x86)\CarReplacer
2012-05-13 15:19 . 2012-05-13 15:19 253952 ------w- c:\windows\Setup1.exe
2012-05-13 15:19 . 2012-05-13 15:19 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-05-13 07:26 . 2012-05-13 07:26 -------- d-----w- c:\program files (x86)\NFO Reader
2012-05-10 04:57 . 2012-05-24 16:42 -------- d-----w- c:\users\Ok\AppData\Local\SKIDROW
2012-05-10 04:57 . 2012-05-10 04:57 -------- d-----w- c:\users\Ok\AppData\Local\2K Games
2012-05-08 17:26 . 2012-05-08 17:26 -------- d-----w- c:\program files (x86)\ABCgames Cheater
2012-05-08 14:19 . 2012-05-08 14:19 -------- d-----w- c:\programdata\Electronic Arts
2012-05-08 14:19 . 2012-05-08 14:19 -------- d-----w- c:\programdata\EA Core
2012-05-08 13:54 . 2007-01-24 13:27 393576 ----a-w- c:\windows\system32\xactengine2_6.dll
2012-05-08 13:53 . 2012-05-08 14:18 -------- d-----w- c:\programdata\Solidshield
2012-05-07 14:18 . 2012-05-07 14:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-05-07 14:16 . 2012-05-07 14:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-06 17:55 . 2012-05-06 17:55 -------- d-----w- c:\programdata\MTA San Andreas All
2012-05-05 18:02 . 2012-05-05 19:08 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 19:08 . 2012-04-20 09:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 19:08 . 2012-04-20 09:31 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-24 12:49 . 2012-04-24 12:49 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-22 08:15 . 2012-04-22 08:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-21 11:58 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-21 08:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-21 08:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-21 07:50 . 2012-04-21 07:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-21 07:50 . 2012-04-21 07:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-21 07:50 . 2012-04-21 07:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-21 07:50 . 2012-04-21 07:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-21 07:50 . 2012-04-21 07:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-21 07:50 . 2012-04-21 07:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-21 07:50 . 2012-04-21 07:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-21 07:50 . 2012-04-21 07:50 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-21 07:50 . 2012-04-21 07:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-21 07:50 . 2012-04-21 07:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-21 07:50 . 2012-04-21 07:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-21 07:50 . 2012-04-21 07:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-21 07:50 . 2012-04-21 07:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-21 07:50 . 2012-04-21 07:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-21 07:50 . 2012-04-21 07:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-21 07:50 . 2012-04-21 07:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-21 07:50 . 2012-04-21 07:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-21 07:50 . 2012-04-21 07:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-21 07:50 . 2012-04-21 07:50 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-21 07:50 . 2012-04-21 07:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-21 07:50 . 2012-04-21 07:50 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-21 07:50 . 2012-04-21 07:50 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-21 07:50 . 2012-04-21 07:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-21 07:50 . 2012-04-21 07:50 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-21 07:50 . 2012-04-21 07:50 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-21 07:50 . 2012-04-21 07:50 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-21 07:50 . 2012-04-21 07:50 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-21 07:50 . 2012-04-21 07:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-21 07:50 . 2012-04-21 07:50 448512 ----a-w- c:\windows\system32\html.iec
2012-04-21 07:50 . 2012-04-21 07:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-21 07:50 . 2012-04-21 07:50 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-21 07:50 . 2012-04-21 07:50 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-21 07:50 . 2012-04-21 07:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-21 07:50 . 2012-04-21 07:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]
.
c:\users\Ok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 19:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2000-01-01 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=dcom-100&s=0&cr=797552488&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtB
FF - user.js: extensions.searchya_i.dfltSrch - true
FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya_i.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=dcom-100&s=2&cr=797552488&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtB
FF - user.js: extensions.searchya_i.tlbrSrchUrl - hxxp://searchya.com/?chnl=dcom-100&s=3&cr=797552488&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtB&q=
FF - user.js: extensions.searchya_i.id - dcca00800000000000000027133f1779
FF - user.js: extensions.searchya_i.instlDay - 15493
FF - user.js: extensions.searchya_i.vrsn - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsni - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.13.018:04
FF - user.js: extensions.searchya_i.prtnrId - ironsrc
FF - user.js: extensions.searchya_i.prdct - searchya
FF - user.js: extensions.searchya_i.aflt - dcom
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya_i.tlbrId - base
FF - user.js: extensions.searchya_i.instlRef - dcom-100
FF - user.js: extensions.searchya_i.dfltLng -
FF - user.js: extensions.searchya_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files (x86)\AVerMedia\AVerMedia A309 (MiniCard
AddRemove-Bus Driver_is1 - h:\bus driver\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-04 10:02:10
ComboFix-quarantined-files.txt 2012-06-04 08:02
.
Pre-Run: 182 728 749 056 bytes free
Post-Run: 182 441 136 128 bytes free
.
- - End Of File - - 5223E77E02FBFD5A1C94F45C3D772717

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Minor preventive check-up

#50 Post by motji »

Do you use this page?
hxxp://searchya.com/

tinostar91
Visitor
Posts: 42
Registered: 05 Jan 2012 13:58
Location: Hlboké nad Váhom

Re: Minor preventive check-up

#51 Post by tinostar91 »

No, I only got to it through that virus.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Minor preventive check-up

#52 Post by motji »

:arrow: If it is not there already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm


Firefox::
FF - ProfilePath - c:\users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=dcom-100&s=0& ... tBtDyCtDtB
FF - user.js: extensions.searchya_i.dfltSrch - true
FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya_i.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=dcom-100&s=2& ... tBtDyCtDtB
FF - user.js: extensions.searchya_i.tlbrSrchUrl - hxxp://searchya.com/?chnl=dcom-100&s=3& ... DyCtDtB&q=
FF - user.js: extensions.searchya_i.id - dcca00800000000000000027133f1779
FF - user.js: extensions.searchya_i.instlDay - 15493
FF - user.js: extensions.searchya_i.vrsn - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsni - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.13.018:04
FF - user.js: extensions.searchya_i.prtnrId - ironsrc
FF - user.js: extensions.searchya_i.prdct - searchya
FF - user.js: extensions.searchya_i.aflt - dcom
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya_i.tlbrId - base
FF - user.js: extensions.searchya_i.instlRef - dcom-100
FF - user.js: extensions.searchya_i.dfltLng - 
FF - user.js: extensions.searchya_i.excTlbr - false


-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:


-after it runs, another log will pop up; paste it here

Warning: it can happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
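One way to do by script what the CFScript above does by hand, as an added example that is not code from the forum post or from ComboFix: parse the `FF - user.js:` lines of a ComboFix log, flag the extension that rewrote the homepage, search and new-tab settings, and emit the matching `Firefox::` block verbatim. The sample log, the benign `example_addon` lines and the `HIJACK_HINTS` keywords are constructed assumptions of this example; ComboFix itself offers no such API.

```python
"""
Read the Firefox section of a ComboFix log, work out which extension
rewrote the homepage / search / new-tab prefs, and build the Firefox::
block of a CFScript listing exactly those log lines.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the shape of the ComboFix log above. URLs are
# defanged as hxxp:// exactly as the forum shows them. The example_addon
# lines are a made-up benign extension that must be left alone.
SAMPLE_LOG = """\
FF - ProfilePath - c:\\users\\Ok\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yyl2h9u6.default\\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=dcom-100&s=0
FF - user.js: extensions.searchya_i.dfltSrch - true
FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya_i.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=dcom-100&s=2
FF - user.js: extensions.searchya_i.tlbrSrchUrl - hxxp://searchya.com/?chnl=dcom-100&s=3&q=
FF - user.js: extensions.searchya_i.prtnrId - ironsrc
FF - user.js: extensions.searchya_i.dfltLng -
FF - user.js: extensions.searchya_i.excTlbr - false
FF - user.js: extensions.example_addon.version - 1.0
FF - user.js: extensions.example_addon.updateUrl - hxxp://updates.example.org/addon
"""

PROFILE_LINE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")
# "key -" with an optional value; tolerates the empty dfltLng entry.
FF_LINE = re.compile(
    r"^FF - (?P<src>prefs\.js|user\.js): (?P<key>\S+) -(?: (?P<val>.*))?$"
)

# Pref-name fragments typical of homepage / search / new-tab hijacking
# (assumption of this example, derived from the log above).
HIJACK_HINTS = ("hmpg", "srch", "newtab", "dnserr")


def parse_log(log_text):
    """Return (profile_path, entries); each entry is (src, key, value, raw_line)."""
    profile = None
    entries = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = PROFILE_LINE.match(line)
        if m:
            profile = m.group("path")
            continue
        m = FF_LINE.match(line)
        if m:
            entries.append((m.group("src"), m.group("key"), m.group("val") or "", line))
    return profile, entries


def extension_of(key):
    """extensions.<id>.<pref> -> <id>; any other key belongs to no extension."""
    parts = key.split(".")
    if len(parts) >= 3 and parts[0] == "extensions":
        return parts[1]
    return None


def defanged_host(value):
    """Host of a URL-valued pref, accepting the hxxp:// defanging used in logs."""
    if not value.lower().startswith(("http://", "https://", "hxxp://", "hxxps://")):
        return None
    fixed = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return urlparse(fixed).hostname


def find_hijackers(entries):
    """Map extension id -> hosts, for extensions that both point URL-valued
    prefs somewhere and touch homepage/search/new-tab/DNS-error settings."""
    hosts = defaultdict(set)
    hinted = set()
    for src, key, value, _ in entries:
        ext = extension_of(key)
        if src != "user.js" or ext is None:
            continue
        pref = key.split(".", 2)[2].lower()
        if any(hint in pref for hint in HIJACK_HINTS):
            hinted.add(ext)
        host = defanged_host(value)
        if host:
            hosts[ext].add(host)
    return {ext: hosts[ext] for ext in hinted if hosts.get(ext)}


def build_cfscript_firefox_section(log_text):
    """Firefox:: block with the profile path, the prefs.js homepage and every
    user.js line written by a flagged extension, copied verbatim from the log.
    Returns '' when nothing in the log looks hijacked."""
    profile, entries = parse_log(log_text)
    flagged = find_hijackers(entries)
    if not flagged:
        return ""
    lines = ["Firefox::"]
    if profile:
        lines.append("FF - ProfilePath - " + profile)
    for src, key, _, raw in entries:
        if src == "prefs.js" and key == "browser.startup.homepage":
            lines.append(raw)
        elif src == "user.js" and extension_of(key) in flagged:
            lines.append(raw)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    _, sample_entries = parse_log(SAMPLE_LOG)
    print("flagged:", find_hijackers(sample_entries))
    print(build_cfscript_firefox_section(SAMPLE_LOG))
```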

tinostar91
Visitor
Posts: 42
Registered: 05 Jan 2012 13:58
Location: Hlboké nad Váhom

Re: Minor preventive check-up

#53 Post by tinostar91 »

ComboFix 12-06-05.04 - Ok . 06. 2012 15:07:57.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4092.2761 [GMT 2:00]
Running from: c:\users\Ok\Desktop\ComboFix.exe
Command switches used :: c:\users\Ok\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 13:17 . 2012-06-06 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-06 05:49 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12BA61FA-2FC1-4A42-B803-A0BB0CCDA375}\mpengine.dll
2012-06-05 12:48 . 2012-06-05 12:48 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-05 12:48 . 2012-06-05 12:48 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-05 12:48 . 2012-06-05 12:48 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-04 07:13 . 2012-02-23 08:18 237072 ------w- c:\windows\SysWow64\MpSigStub.exe
2012-06-02 16:30 . 2012-06-02 16:30 -------- d--h--w- c:\programdata\Common Files
2012-06-02 16:04 . 2012-06-02 16:04 58 ----a-w- C:\user.js
2012-06-02 15:52 . 2012-06-02 17:30 -------- d-----w- c:\program files (x86)\Passware
2012-06-02 15:44 . 2012-06-02 15:44 -------- d-----w- c:\users\Ok\AppData\Roaming\Passware
2012-05-30 20:37 . 2012-05-30 20:37 -------- d-----w- c:\users\Ok\Broadcom
2012-05-30 13:48 . 2012-05-30 13:56 -------- d-----w- c:\program files (x86)\SpeedFan
2012-05-30 13:29 . 2012-05-30 13:29 -------- d-----w- C:\rsit
2012-05-30 13:08 . 2012-05-30 13:08 -------- d-----w- c:\program files\CCleaner
2012-05-27 07:40 . 2012-05-27 07:41 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-05-26 10:00 . 2012-06-02 17:24 -------- d-----w- c:\program files\trend micro
2012-05-26 08:30 . 2012-05-26 08:30 -------- d-----w- c:\users\Ok\AppData\Roaming\Malwarebytes
2012-05-26 08:30 . 2012-05-26 08:30 -------- d-----w- c:\programdata\Malwarebytes
2012-05-26 08:30 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-26 08:30 . 2012-05-26 08:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-25 15:59 . 2012-05-25 15:59 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-05-23 04:22 . 2012-05-23 04:22 -------- d-----w- c:\users\Ok\AppData\Local\SniperV2
2012-05-22 09:44 . 2012-05-22 09:44 -------- d-----w- c:\windows\SysWow64\Adobe
2012-05-21 06:42 . 2012-05-21 06:42 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-21 06:42 . 2012-05-21 06:42 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-15 16:23 . 2012-06-05 05:57 -------- d-----w- c:\users\Ok\AppData\Roaming\.minecraft
2012-05-15 13:42 . 2012-05-15 13:42 -------- d-----w- c:\users\Ok\AppData\Roaming\OpenOffice.org
2012-05-15 13:40 . 2012-05-15 13:40 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-05-13 16:46 . 2012-05-13 16:46 -------- d-----w- c:\users\Ok\AppData\Roaming\Unity
2012-05-13 16:31 . 2012-05-13 16:31 -------- d-----w- c:\users\Ok\AppData\Local\Unity
2012-05-13 15:20 . 2012-05-13 15:20 -------- d-----w- c:\program files (x86)\CarReplacer
2012-05-13 15:19 . 2012-05-13 15:19 253952 ------w- c:\windows\Setup1.exe
2012-05-13 15:19 . 2012-05-13 15:19 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-05-13 07:26 . 2012-05-13 07:26 -------- d-----w- c:\program files (x86)\NFO Reader
2012-05-10 04:57 . 2012-05-24 16:42 -------- d-----w- c:\users\Ok\AppData\Local\SKIDROW
2012-05-10 04:57 . 2012-05-10 04:57 -------- d-----w- c:\users\Ok\AppData\Local\2K Games
2012-05-08 17:26 . 2012-05-08 17:26 -------- d-----w- c:\program files (x86)\ABCgames Cheater
2012-05-08 14:19 . 2012-05-08 14:19 -------- d-----w- c:\programdata\Electronic Arts
2012-05-08 14:19 . 2012-05-08 14:19 -------- d-----w- c:\programdata\EA Core
2012-05-08 13:54 . 2007-01-24 13:27 393576 ----a-w- c:\windows\system32\xactengine2_6.dll
2012-05-08 13:53 . 2012-05-08 14:18 -------- d-----w- c:\programdata\Solidshield
2012-05-07 14:18 . 2012-05-07 14:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-05-07 14:16 . 2012-05-07 14:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 19:08 . 2012-04-20 09:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 19:08 . 2012-04-20 09:31 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 19:08 . 2012-05-05 18:02 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 12:49 . 2012-04-24 12:49 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-22 08:15 . 2012-04-22 08:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-21 11:58 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-21 08:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-21 08:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-21 07:50 . 2012-04-21 07:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-21 07:50 . 2012-04-21 07:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-21 07:50 . 2012-04-21 07:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-21 07:50 . 2012-04-21 07:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-21 07:50 . 2012-04-21 07:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-21 07:50 . 2012-04-21 07:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-21 07:50 . 2012-04-21 07:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-21 07:50 . 2012-04-21 07:50 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-21 07:50 . 2012-04-21 07:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-21 07:50 . 2012-04-21 07:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-21 07:50 . 2012-04-21 07:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-21 07:50 . 2012-04-21 07:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-21 07:50 . 2012-04-21 07:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-21 07:50 . 2012-04-21 07:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-21 07:50 . 2012-04-21 07:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-21 07:50 . 2012-04-21 07:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-21 07:50 . 2012-04-21 07:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-21 07:50 . 2012-04-21 07:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-21 07:50 . 2012-04-21 07:50 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-21 07:50 . 2012-04-21 07:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-21 07:50 . 2012-04-21 07:50 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-21 07:50 . 2012-04-21 07:50 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-21 07:50 . 2012-04-21 07:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-21 07:50 . 2012-04-21 07:50 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-21 07:50 . 2012-04-21 07:50 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-21 07:50 . 2012-04-21 07:50 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-21 07:50 . 2012-04-21 07:50 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-21 07:50 . 2012-04-21 07:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-21 07:50 . 2012-04-21 07:50 448512 ----a-w- c:\windows\system32\html.iec
2012-04-21 07:50 . 2012-04-21 07:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-21 07:50 . 2012-04-21 07:50 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-21 07:50 . 2012-04-21 07:50 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-21 07:50 . 2012-04-21 07:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-21 07:50 . 2012-04-21 07:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-04_07.46.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 10:04 . 2012-06-06 05:48 35654 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-06 05:48 38978 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-06-04 07:21 38978 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-06-05 05:30 94368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-20 10:12 . 2012-06-06 05:48 8016 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3093673229-1255773911-3470108579-1000_UserData.bin
- 2012-04-20 10:12 . 2012-06-04 07:21 8016 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3093673229-1255773911-3470108579-1000_UserData.bin
+ 2012-04-20 09:49 . 2012-06-05 21:27 2920 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-04-20 09:49 . 2012-06-04 07:18 2920 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-06-04 07:19 . 2012-06-04 07:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-06 05:46 . 2012-06-06 05:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-06 05:46 . 2012-06-06 05:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-04 07:19 . 2012-06-04 07:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-04 07:23 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-06 05:51 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-06 05:51 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-04 07:23 106388 c:\windows\system32\perfc009.dat
- 2012-04-28 08:18 . 2012-06-04 07:18 808472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-28 08:18 . 2012-06-05 21:27 808472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-04 07:18 275216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-05 21:27 275216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-20 18:38 . 2012-06-05 21:27 11312612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3093673229-1255773911-3470108579-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]
.
c:\users\Ok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-05 129976]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 19:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2000-01-01 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-06 15:35:28
ComboFix-quarantined-files.txt 2012-06-06 13:35
ComboFix2.txt 2012-06-04 08:02
.
Pre-Run: 175 577 198 592 bytes free
Post-Run: 175 735 480 320 bytes free
.
- - End Of File - - 381019BAE4AF0A21382157682D46AC69

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Minor preventive check-up

#54 Post by motji »

:arrow: Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

-press Enter
-This uninstalls ComboFix and deletes the files and folders related to it.


***********


:arrow: Download T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Run it; to confirm each choice press the A key, then Enter
-after use, delete the little program. Note: antivirus programs may falsely flag it as a virus



***********


:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix Selected Issues -- making a registry backup is not necessary
- click Fix All Issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

CCleaner - I recommend using the cleaner; it nicely clears temporary files off the PC.
The registry cleaner tidies things up, for example after uninstalling some program.


***********



:arrow: Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
-it cleans temp files and the leftovers of the tools used



***********

:arrow: Post a new RSIT log and tell me how the computer is behaving; is everything fine now?

tinostar91
Visitor
Posts: 42
Registered: 05 Jan 2012 13:58
Location: Hlboké nad Váhom

Re: Minor preventive check-up

#55 Post by tinostar91 »

No problems at the moment (I hope it stays that way for at least a month)
RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ok at 2012-06-07 15:00:21
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 178 GB (79%) free of 227 GB
Total RAM: 4092 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:00:28, on 7. 6. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\trend micro\Ok.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odoslať do rozhrania Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odoslať do &Zariadenie s rozhraním Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8094 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
atieclxx
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe 34276384
\??\C:\Windows\system32\conhost.exe "156105538311353509161558856270-14060954058347322-182726809910397472371855522880
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"taskhost.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2408
"C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\AUDIODG.EXE 0x57c
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Users\Ok\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
taskhost.exe $(Arg0)

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default\searchplugins\
searchya.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1889856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1256512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-22 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-22 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2000-01-01 1128448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-04-05 17356424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"DpAgent"=C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [2009-12-01 842816]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Ok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-04-21 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-06-07 15:00:21 ----D---- C:\rsit
2012-06-06 16:38:40 ----SHD---- C:\$RECYCLE.BIN
2012-06-06 15:17:40 ----D---- C:\Windows\temp
2012-06-05 14:48:16 ----D---- C:\ProgramData\Mozilla
2012-06-05 14:48:16 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-04 09:13:22 ----N---- C:\Windows\SYSWOW64\MpSigStub.exe
2012-06-02 18:30:37 ----HD---- C:\ProgramData\Common Files
2012-06-02 18:04:51 ----A---- C:\user.js
2012-06-02 17:52:34 ----D---- C:\Program Files (x86)\Passware
2012-06-02 17:44:46 ----D---- C:\Users\Ok\AppData\Roaming\Passware
2012-05-30 15:48:50 ----D---- C:\Program Files (x86)\SpeedFan
2012-05-30 15:08:25 ----D---- C:\Program Files\CCleaner
2012-05-27 09:40:54 ----D---- C:\Program Files (x86)\CrystalDiskInfo
2012-05-26 12:00:23 ----D---- C:\Program Files\trend micro
2012-05-26 10:30:26 ----D---- C:\Users\Ok\AppData\Roaming\Malwarebytes
2012-05-26 10:30:19 ----D---- C:\ProgramData\Malwarebytes
2012-05-26 10:30:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-05-26 10:30:17 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-25 17:59:11 ----D---- C:\Program Files (x86)\Microsoft WSE
2012-05-23 06:16:27 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-05-23 06:16:27 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-05-23 06:16:27 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-05-23 06:16:27 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-05-23 06:16:26 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-05-23 06:16:26 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-05-23 06:16:24 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-05-23 06:16:24 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-05-23 06:16:23 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-05-23 06:16:23 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-05-23 06:16:16 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-05-23 06:16:16 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-05-23 06:14:31 ----D---- C:\Windows\SYSWOW64\directx
2012-05-22 11:44:57 ----D---- C:\Windows\SYSWOW64\Adobe
2012-05-21 08:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-21 08:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-15 18:23:27 ----D---- C:\Users\Ok\AppData\Roaming\.minecraft
2012-05-15 15:42:18 ----D---- C:\Users\Ok\AppData\Roaming\OpenOffice.org
2012-05-15 15:40:29 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2012-05-13 18:46:54 ----D---- C:\Users\Ok\AppData\Roaming\Unity
2012-05-13 17:20:07 ----D---- C:\Program Files (x86)\CarReplacer
2012-05-13 17:19:58 ----N---- C:\Windows\Setup1.exe
2012-05-13 17:19:57 ----A---- C:\Windows\ST6UNST.EXE
2012-05-13 09:26:02 ----D---- C:\Program Files (x86)\NFO Reader
2012-05-12 06:16:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-12 06:16:37 ----A---- C:\Windows\system32\win32k.sys
2012-05-12 06:16:34 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-12 06:16:33 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-12 06:16:18 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-12 06:16:07 ----A---- C:\Windows\system32\DWrite.dll
2012-05-12 06:16:06 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-12 06:16:04 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-08 19:26:27 ----D---- C:\Program Files (x86)\ABCgames Cheater
2012-05-08 16:19:13 ----D---- C:\ProgramData\Electronic Arts
2012-05-08 16:19:13 ----D---- C:\ProgramData\EA Core
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-05-08 15:55:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-05-08 15:55:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-05-08 15:55:46 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-05-08 15:55:44 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-05-08 15:55:44 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-05-08 15:55:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-05-08 15:55:43 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-05-08 15:55:42 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-05-08 15:55:42 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-05-08 15:55:41 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-05-08 15:55:41 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-05-08 15:55:40 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-05-08 15:55:40 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-05-08 15:55:39 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-05-08 15:55:39 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-05-08 15:55:38 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-05-08 15:55:38 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-05-08 15:55:36 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-05-08 15:55:36 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-05-08 15:55:36 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-05-08 15:55:35 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-05-08 15:55:35 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-05-08 15:55:35 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-05-08 15:55:35 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-05-08 15:55:32 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-05-08 15:55:30 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-05-08 15:55:30 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-05-08 15:55:28 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-05-08 15:55:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-05-08 15:55:28 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-05-08 15:55:28 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-05-08 15:55:26 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-05-08 15:55:26 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-05-08 15:55:26 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-05-08 15:55:26 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-05-08 15:55:25 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-05-08 15:55:25 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-05-08 15:55:25 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-05-08 15:55:25 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-05-08 15:55:24 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-05-08 15:55:24 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-05-08 15:55:23 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-05-08 15:55:22 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2012-05-08 15:55:22 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-05-08 15:55:21 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-05-08 15:55:21 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-05-08 15:55:21 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-05-08 15:55:21 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-05-08 15:55:18 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-05-08 15:55:18 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-05-08 15:55:18 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-05-08 15:55:18 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-05-08 15:55:15 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-05-08 15:55:15 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-05-08 15:55:14 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-05-08 15:55:14 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-05-08 15:55:07 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-05-08 15:55:07 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-05-08 15:55:03 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-05-08 15:55:03 ----A---- C:\Windows\system32\xinput1_3.dll
2012-05-08 15:55:02 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2012-05-08 15:55:02 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-05-08 15:54:58 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2012-05-08 15:54:58 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-05-08 15:54:57 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2012-05-08 15:54:57 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-05-08 15:54:57 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-05-08 15:54:57 ----A---- C:\Windows\system32\d3dx10.dll
2012-05-08 15:54:55 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2012-05-08 15:54:55 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2012-05-08 15:54:55 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-05-08 15:54:55 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-05-08 15:54:54 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-05-08 15:54:54 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-05-08 15:54:53 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2012-05-08 15:54:53 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2012-05-08 15:54:53 ----A---- C:\Windows\system32\xinput1_2.dll
2012-05-08 15:54:53 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-05-08 15:54:52 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2012-05-08 15:54:52 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2012-05-08 15:54:52 ----A---- C:\Windows\system32\xinput1_1.dll
2012-05-08 15:54:52 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-05-08 15:54:48 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2012-05-08 15:54:48 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-05-08 15:54:38 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-05-08 15:54:38 ----A---- C:\Windows\system32\d3dx9_30.dll
2012-05-08 15:54:37 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-05-08 15:54:36 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-05-08 15:54:36 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-05-08 15:54:36 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-05-08 15:54:36 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-05-08 15:54:35 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-05-08 15:54:35 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-05-08 15:54:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-05-08 15:54:35 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-05-08 15:54:34 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-05-08 15:54:34 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-05-08 15:54:34 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-05-08 15:53:24 ----D---- C:\ProgramData\Solidshield

======List of files/folders modified in the last 1 month======

2012-06-07 15:00:28 ----D---- C:\Windows\Prefetch
2012-06-07 14:56:36 ----D---- C:\Users\Ok\AppData\Roaming\uTorrent
2012-06-07 14:56:28 ----D---- C:\Windows\inf
2012-06-07 14:56:28 ----D---- C:\Windows
2012-06-07 14:55:36 ----D---- C:\Windows\System32
2012-06-07 14:55:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-07 14:54:35 ----D---- C:\Windows\system32\config
2012-06-07 14:52:54 ----RD---- C:\Program Files (x86)
2012-06-07 14:49:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-06-07 14:45:59 ----SHD---- C:\System Volume Information
2012-06-06 15:19:34 ----A---- C:\Windows\system.ini
2012-06-06 15:10:26 ----D---- C:\Windows\SYSWOW64\drivers
2012-06-06 15:10:26 ----D---- C:\Windows\SysWOW64
2012-06-06 15:10:26 ----D---- C:\Windows\system32\drivers
2012-06-06 15:10:26 ----D---- C:\Windows\AppPatch
2012-06-06 15:10:24 ----D---- C:\Program Files\Common Files
2012-06-06 15:10:24 ----D---- C:\Program Files (x86)\Common Files
2012-06-05 14:48:16 ----D---- C:\ProgramData
2012-06-04 09:03:27 ----D---- C:\Windows\system32\catroot
2012-06-02 19:27:06 ----D---- C:\Users\Ok\AppData\Roaming\Skype
2012-06-02 17:52:24 ----SHD---- C:\Windows\Installer
2012-06-02 17:52:23 ----D---- C:\Config.Msi
2012-06-01 14:14:09 ----D---- C:\Users\Ok\AppData\Roaming\vlc
2012-05-30 15:21:03 ----D---- C:\Windows\system32\catroot2
2012-05-30 15:20:01 ----D---- C:\Windows\system32\Tasks
2012-05-30 15:19:31 ----D---- C:\Windows\Tasks
2012-05-30 15:16:42 ----D---- C:\Users\Ok\AppData\Roaming\DAEMON Tools Lite
2012-05-30 15:16:33 ----D---- C:\Windows\Panther
2012-05-30 15:16:33 ----D---- C:\Windows\Logs
2012-05-30 15:16:33 ----D---- C:\Windows\debug
2012-05-30 15:08:25 ----RD---- C:\Program Files
2012-05-28 22:06:12 ----D---- C:\Windows\system32\wdi
2012-05-28 14:06:33 ----D---- C:\Windows\system32\drivers\etc
2012-05-26 11:39:38 ----D---- C:\Windows\winsxs
2012-05-25 17:59:15 ----RSD---- C:\Windows\assembly
2012-05-25 17:59:12 ----SD---- C:\Users\Ok\AppData\Roaming\Microsoft
2012-05-25 17:51:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-05-19 20:54:01 ----D---- C:\ProgramData\tmp
2012-05-19 20:18:18 ----D---- C:\ProgramData\hps
2012-05-19 18:31:01 ----D---- C:\Program Files (x86)\uTorrent
2012-05-15 15:40:46 ----RSD---- C:\Windows\Fonts
2012-05-14 09:10:33 ----D---- C:\Windows\system32\NDF
2012-05-12 12:36:35 ----D---- C:\Windows\Microsoft.NET
2012-05-12 07:11:53 ----A---- C:\Windows\system32\MRT.exe
2012-05-12 07:03:15 ----D---- C:\Program Files\Windows Journal

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2000-01-01 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2000-01-01 40064]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2000-01-01 16440]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-24 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-08-21 2769408]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2000-01-01 115216]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 AVerAF15;AVerMedia BDA Digital Tuner; C:\Windows\System32\Drivers\AVerAF15.sys [2008-01-16 369024]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2000-01-01 349736]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2000-01-01 107560]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2000-01-01 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2000-01-01 21416]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 553576]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10329; C:\Windows\system32\DRIVERS\stwrt64.sys [2000-01-01 528384]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2000-01-01 53376]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-03-25 956192]
R2 DpHost;@C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [2009-12-01 322624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10129; C:\Program Files\IDT\WDM\STacSV64.exe [2000-01-01 301568]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2009-07-12 1924400]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-05 129976]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1255736]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: A small preventive check-up

#56 Post by motji »

The log is fine. Have a nice day :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(zavináč)forum.viry.cz.

tinostar91
Visitor
Posts: 42
Registered: 05 Jan 2012 13:58
Location: Hlboké nad Váhom

Re: A small preventive check-up

#57 Post by tinostar91 »

Hello, once again something about my PC seems off to me: the home page is Babylon Search and I can't change it to another one, not for .. (I also dug around in about:config a bit, but with no result). AdBlock has also stopped working; every now and then a window pops up in FF saying that something is trying to receive an unsecured update; and sometimes I can't log in to ČSOB IB, screen: http://i48.tinypic.com/28rh2xs.png (it sometimes does this on Google too). It works when I clear the cache and related things in CCleaner. Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ok at 2012-09-29 07:14:00
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 142 GB (63%) free of 227 GB
Total RAM: 4092 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:14:04, on 29. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\trend micro\Ok.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odoslať do rozhrania Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odoslať do &Zariadenie s rozhraním Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{809F38D0-F647-48B3-9BA0-07232C1C42C6}: NameServer = 213.151.236.74,213.151.236.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{998596A7-0EDE-4036-84DF-16843315CA10}: NameServer = 8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9547 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
atieclxx
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe" /PROTECT
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe"
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
WLIDSvcM.exe 2600
taskeng.exe {461269CE-88DD-4F41-9156-76C395130860}
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\AUDIODG.EXE 0x99c
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Ok\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=114874 ... 27133f1779"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default\searchplugins\
BabylonMngr.xml
searchya.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1889856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1256512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-08 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-08 157672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2000-01-01 1128448]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 4081008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-09-07 766536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"DpAgent"=C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [2009-12-01 842816]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-06 641664]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Ok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-04-21 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-09-24 17:19:10 ----D---- C:\Users\Ok\AppData\Roaming\FreeImageConverter
2012-09-24 17:18:26 ----D---- C:\Program Files (x86)\FreeImageConverter
2012-09-24 16:39:55 ----A---- C:\Windows\FlashDecompiler.INI
2012-09-24 14:22:42 ----D---- C:\ProgramData\AutoUpdate
2012-09-24 14:22:41 ----AD---- C:\ProgramData\TEMP
2012-09-24 14:22:35 ----D---- C:\Program Files (x86)\Eltima Software
2012-09-24 14:09:37 ----D---- C:\Windows\SYSWOW64\searchplugins
2012-09-24 14:09:37 ----D---- C:\Windows\SYSWOW64\Extensions
2012-09-22 14:34:00 ----D---- C:\Users\Ok\AppData\Roaming\Songbird2
2012-09-22 12:05:18 ----D---- C:\Windows\SYSWOW64\Temp
2012-09-22 09:35:55 ----D---- C:\ProgramData\Browser Manager
2012-09-22 09:34:53 ----D---- C:\Users\Ok\AppData\Roaming\Babylon
2012-09-22 09:34:53 ----D---- C:\ProgramData\Babylon
2012-09-18 18:20:42 ----D---- C:\Windows\SYSWOW64\Adobe
2012-09-18 18:02:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-09-16 13:41:37 ----D---- C:\Users\Ok\AppData\Roaming\dvdcss
2012-09-16 13:41:11 ----D---- C:\Users\Ok\AppData\Roaming\Digiarty
2012-09-13 19:44:44 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2012-09-13 19:44:44 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2012-09-13 19:44:43 ----D---- C:\Program Files (x86)\iWisoft Free Video Converter
2012-09-13 16:56:34 ----D---- C:\ProgramData\TrackMania
2012-09-13 16:51:53 ----D---- C:\Program Files (x86)\TmNationsForever
2012-09-13 16:37:29 ----D---- C:\Users\Ok\AppData\Roaming\TortoiseSVN
2012-09-13 16:28:54 ----D---- C:\Users\Ok\AppData\Roaming\Subversion
2012-09-13 16:28:29 ----D---- C:\Program Files\TortoiseSVN
2012-09-13 16:28:29 ----D---- C:\Program Files\Common Files\TortoiseOverlays
2012-09-12 15:01:34 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 15:01:34 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-09-12 15:01:30 ----A---- C:\Windows\system32\d3d10level9.dll
2012-09-12 15:01:29 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2012-09-12 15:01:24 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 15:01:23 ----A---- C:\Windows\system32\drivers\netio.sys
2012-09-12 15:01:23 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 17:58:42 ----D---- C:\Users\Ok\AppData\Roaming\WinMount
2012-09-09 17:58:18 ----A---- C:\Windows\SYSWOW64\drivers\WMDrive.sys
2012-09-09 13:24:46 ----D---- C:\Program Files (x86)\AMD
2012-09-09 13:23:00 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-09-09 13:22:58 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2012-09-09 13:22:24 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-09-09 08:33:09 ----D---- C:\ProgramData\AMD
2012-09-08 14:06:25 ----D---- C:\Program Files (x86)\AMD APP
2012-09-08 14:05:52 ----A---- C:\Windows\system32\drivers\amdiox64.sys
2012-09-08 13:03:41 ----D---- C:\Program Files (x86)\Steam
2012-09-08 09:43:31 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-09-08 09:43:22 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-09-08 09:43:09 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-09-08 09:43:09 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-09-08 09:43:09 ----A---- C:\Windows\SYSWOW64\java.exe
2012-09-03 18:52:52 ----D---- C:\ProgramData\B1 Free Archiver
2012-09-03 18:52:14 ----D---- C:\Program Files (x86)\B1 Free Archiver
2012-09-03 18:50:19 ----D---- C:\Program Files (x86)\FireArc Arcade
2012-08-30 11:08:38 ----D---- C:\Program Files (x86)\Redsystem

======List of files/folders modified in the last 1 month======

2012-09-29 07:14:03 ----D---- C:\Program Files\trend micro
2012-09-29 07:12:06 ----D---- C:\Windows\temp
2012-09-29 06:16:02 ----D---- C:\Windows\System32
2012-09-29 06:16:02 ----D---- C:\Windows\inf
2012-09-29 06:16:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-29 06:13:15 ----D---- C:\Windows\system32\config
2012-09-29 06:13:09 ----RD---- C:\Program Files (x86)
2012-09-29 06:11:52 ----D---- C:\Windows\system32\Tasks
2012-09-29 06:11:40 ----D---- C:\Windows
2012-09-28 19:15:38 ----D---- C:\Users\Ok\AppData\Roaming\vlc
2012-09-28 17:12:59 ----D---- C:\Users\Ok\AppData\Roaming\uTorrent
2012-09-28 17:12:31 ----D---- C:\Windows\debug
2012-09-28 13:40:56 ----D---- C:\Windows\system32\catroot2
2012-09-27 05:17:51 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-26 20:49:48 ----D---- C:\Windows\system32\drivers
2012-09-26 15:20:20 ----D---- C:\Windows\Prefetch
2012-09-25 18:52:49 ----D---- C:\Users\Ok\AppData\Roaming\Skype
2012-09-24 17:22:19 ----SD---- C:\Users\Ok\AppData\Roaming\Microsoft
2012-09-24 17:18:28 ----SHD---- C:\Windows\Installer
2012-09-24 17:18:27 ----D---- C:\Config.Msi
2012-09-24 17:18:16 ----SHD---- C:\System Volume Information
2012-09-24 14:22:42 ----D---- C:\ProgramData
2012-09-24 14:09:46 ----SHD---- C:\$RECYCLE.BIN
2012-09-24 14:09:37 ----D---- C:\Windows\SysWOW64
2012-09-24 14:09:22 ----RD---- C:\Users
2012-09-22 12:12:49 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-09-19 19:34:11 ----D---- C:\ProgramData\tmp
2012-09-19 19:34:11 ----D---- C:\ProgramData\hps
2012-09-19 18:19:38 ----D---- C:\Program Files (x86)\Adobe
2012-09-18 23:29:42 ----D---- C:\ProgramData\Adobe
2012-09-18 18:02:39 ----D---- C:\Windows\Tasks
2012-09-17 14:47:47 ----D---- C:\Windows\winsxs
2012-09-16 18:01:54 ----RD---- C:\Program Files
2012-09-13 16:55:06 ----RSD---- C:\Windows\assembly
2012-09-13 16:28:31 ----D---- C:\Program Files (x86)\Common Files
2012-09-13 16:28:29 ----D---- C:\Program Files\Common Files
2012-09-13 03:18:03 ----D---- C:\Windows\system32\DriverStore
2012-09-13 03:02:41 ----D---- C:\Windows\system32\catroot
2012-09-13 03:00:40 ----A---- C:\Windows\system32\MRT.exe
2012-09-09 18:24:07 ----D---- C:\Windows\Logs
2012-09-09 17:58:18 ----D---- C:\Windows\SYSWOW64\drivers
2012-09-09 13:22:55 ----D---- C:\Windows\system32\LogFiles
2012-09-09 13:22:34 ----D---- C:\Windows\SYSWOW64\directx
2012-09-08 14:06:04 ----D---- C:\Program Files\ATI Technologies
2012-09-08 09:42:55 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-09-08 09:42:52 ----D---- C:\Program Files (x86)\Java
2012-09-05 18:05:12 ----D---- C:\Users\Ok\AppData\Roaming\DAEMON Tools Lite
2012-09-05 18:04:55 ----D---- C:\Windows\ModemLogs
2012-09-05 18:00:19 ----D---- C:\Program Files\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2000-01-01 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2000-01-01 40064]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2000-01-01 16440]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-24 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-06-05 224088]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-06-05 130904]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AODDriver4.1;AODDriver4.1; \??\c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 187632]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-06-20 3678720]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2000-01-01 115216]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 AVerAF15;AVerMedia BDA Digital Tuner; C:\Windows\System32\Drivers\AVerAF15.sys [2008-01-16 369024]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2000-01-01 349736]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2000-01-01 107560]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2000-01-01 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2000-01-01 21416]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 553576]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10329; C:\Windows\system32\DRIVERS\stwrt64.sys [2000-01-01 528384]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2000-01-01 53376]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2012-06-05 166232]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-07-20 140712]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2012-06-05 117080]
S3 X6va008;X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 AMD FUEL Service;AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R2 Browser Manager;Browser Manager; C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-09-22 1701400]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-03-25 956192]
R2 DpHost;@C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [2009-12-01 322624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-09-17 76888]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10129; C:\Program Files\IDT\WDM\STacSV64.exe [2000-01-01 301568]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2009-07-12 1924400]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 250288]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-16 113120]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1255736]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]

-----------------EOF-----------------

User avatar
motji
VIP
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: A small preventive check-up

#58 Post by motji »

Good morning :)

:arrow: Run ComboFix following this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

tinostar91
Visitor
Visitor
Posts: 42
Registered: 05 Jan 2012 13:58
Location: Hlboké nad Váhom

Re: A small preventive check-up

#59 Post by tinostar91 »

ComboFix 12-09-29.01 - Ok . 09. 2012 8:47.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4092.2857 [GMT 2:00]
Running from: c:\users\Ok\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Temp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-30 06:54 . 2012-09-30 06:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-30 06:54 . 2012-09-30 06:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-24 15:19 . 2012-09-24 15:19 -------- d-----w- c:\users\Ok\AppData\Roaming\FreeImageConverter
2012-09-24 15:18 . 2012-09-24 15:18 -------- d-----w- c:\program files (x86)\FreeImageConverter
2012-09-24 12:22 . 2012-09-24 12:22 -------- d-----w- c:\programdata\AutoUpdate
2012-09-24 12:22 . 2012-09-24 12:22 -------- d-----w- c:\program files (x86)\Eltima Software
2012-09-24 12:09 . 2012-09-24 12:09 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-09-24 12:09 . 2012-09-24 12:09 -------- d-----w- c:\windows\SysWow64\Extensions
2012-09-24 12:09 . 2012-09-24 12:10 -------- d-----w- c:\users\Administrator
2012-09-22 12:34 . 2012-09-22 12:34 -------- d-----w- c:\users\Ok\AppData\Roaming\Songbird2
2012-09-22 07:35 . 2012-09-22 07:35 -------- d-----w- c:\programdata\Browser Manager
2012-09-22 07:34 . 2012-09-22 07:35 -------- d-----w- c:\users\Ok\AppData\Roaming\Babylon
2012-09-22 07:34 . 2012-09-22 07:34 -------- d-----w- c:\programdata\Babylon
2012-09-18 16:20 . 2012-09-18 16:20 -------- d-----w- c:\windows\SysWow64\Adobe
2012-09-18 16:02 . 2012-09-18 21:26 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-18 16:02 . 2012-09-18 21:26 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-16 15:17 . 2012-09-16 15:17 -------- d-----w- c:\users\Ok\AppData\Local\RawTherapee4.0
2012-09-16 11:41 . 2012-09-16 11:41 -------- d-----w- c:\users\Ok\AppData\Roaming\dvdcss
2012-09-16 11:41 . 2012-09-16 11:41 -------- d-----w- c:\users\Ok\AppData\Roaming\Digiarty
2012-09-13 17:45 . 2012-09-30 06:35 -------- d-----w- c:\users\Ok\AppData\Local\TSVNCache
2012-09-13 17:44 . 2009-09-29 18:57 758018 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-09-13 17:44 . 2008-12-04 19:46 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-09-13 17:44 . 2008-10-08 08:16 139264 ----a-w- c:\windows\SysWow64\xvid.ax
2012-09-13 17:44 . 2012-09-20 15:14 -------- d-----w- c:\program files (x86)\iWisoft Free Video Converter
2012-09-13 14:56 . 2012-09-16 14:53 -------- d-----w- c:\programdata\TrackMania
2012-09-13 14:51 . 2012-09-13 14:53 -------- d-----w- c:\program files (x86)\TmNationsForever
2012-09-13 14:37 . 2012-09-13 14:47 -------- d-----w- c:\users\Ok\AppData\Roaming\TortoiseSVN
2012-09-13 14:28 . 2012-09-13 14:28 -------- d-----w- c:\users\Ok\AppData\Roaming\Subversion
2012-09-13 14:28 . 2012-09-13 14:28 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays
2012-09-13 14:28 . 2012-09-13 14:28 -------- d-----w- c:\program files\TortoiseSVN
2012-09-13 14:28 . 2012-09-13 14:28 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2012-09-12 13:01 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:01 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:01 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:01 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:01 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:01 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:01 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 15:58 . 2012-09-09 16:01 -------- d-----w- c:\users\Ok\AppData\Roaming\WinMount
2012-09-09 15:58 . 2012-09-09 15:58 65856 ----a-w- c:\windows\SysWow64\drivers\WMDrive.sys
2012-09-09 11:27 . 2012-09-17 12:50 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-09 11:27 . 2012-09-17 12:50 -------- d-----w- c:\users\Ok\AppData\Local\PunkBuster
2012-09-09 11:25 . 2012-09-09 11:25 -------- d-----w- c:\users\Ok\AppData\Local\SCE
2012-09-09 11:24 . 2012-09-09 11:24 -------- d-----w- c:\program files (x86)\AMD
2012-09-09 11:24 . 2012-09-09 11:24 -------- d-----w- c:\users\Ok\AppData\Local\Downloaded Installations
2012-09-09 11:23 . 2012-09-17 12:50 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-09 11:23 . 2012-09-17 12:47 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-09 11:22 . 2012-09-17 12:47 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-09 11:22 . 2012-09-09 11:22 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-09-09 06:33 . 2012-09-09 06:33 -------- d-----w- c:\programdata\AMD
2012-09-08 12:06 . 2012-09-08 12:06 -------- d-----w- c:\program files (x86)\AMD APP
2012-09-08 12:05 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-09-08 11:03 . 2012-09-08 11:03 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-09-08 11:03 . 2012-09-28 15:13 -------- d-----w- c:\program files (x86)\Steam
2012-09-08 07:43 . 2012-09-08 07:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-08 07:43 . 2012-09-08 07:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-08 07:43 . 2012-09-08 07:42 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 16:52 . 2012-09-03 16:52 -------- d-----w- c:\programdata\B1 Free Archiver
2012-09-03 16:52 . 2012-09-03 16:52 -------- d-----w- c:\program files (x86)\B1 Free Archiver
2012-09-03 16:50 . 2012-09-03 16:50 -------- d-----w- c:\program files (x86)\FireArc Arcade
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 01:00 . 2012-04-20 08:58 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-08 07:42 . 2012-04-22 08:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 15:04 . 2012-05-26 08:30 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 18:15 . 2012-08-15 06:11 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-15 15:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-15 06:11 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 06:11 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 06:11 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 06:11 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\Ok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 250288]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 140712]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-16 113120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-06-05 117080]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1255736]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2000-01-01 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2000-01-01 40064]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-24 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-06-05 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-06-05 130904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-09-22 1701400]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2000-01-01 115216]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-01-16 369024]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2000-01-01 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 39464]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 553576]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2000-01-01 53376]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-06-05 166232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 21:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2000-01-01 1128448]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = about:blank
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = local
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{809F38D0-F647-48B3-9BA0-07232C1C42C6}: NameServer = 213.151.236.74,213.151.236.66
TCP: Interfaces\{998596A7-0EDE-4036-84DF-16843315CA10}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114874&tt=120912_cpc_3812_5&babsrc=HP_ss&mntrId=dcca00800000000000000027133f1779
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files (x86)\AVerMedia\AVerMedia A309 (MiniCard
AddRemove-Bus Driver_is1 - h:\bus driver\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-30 08:58:48
ComboFix-quarantined-files.txt 2012-09-30 06:58
.
Pre-Run: 147 151 138 816 bytes free
Post-Run: 148 019 298 304 bytes free
.
- - End Of File - - 0346D99E3B0142642223801CFC342CF1
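An added triage example, not part of this thread and not part of ComboFix: a Python script that reads the log format shown above and reports the entries a responder would check first. The rules are editor-chosen heuristics (the UAC policy values, AppInit_DLLs, service entries whose image is missing or lives under ProgramData, the Firefox homepage and the IE Trusted Zone lines); the embedded sample is an excerpt of the log posted above, trimmed to the lines the rules inspect.

```python
import re

# Excerpt of the ComboFix log posted above (copied from the page, trimmed to the
# lines the rules below look at; nothing here is invented).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll
.
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 140712]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-09-22 1701400]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
Trusted Zone: soe.com
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114874&tt=120912_cpc_3812_5&babsrc=HP_ss
"""

# "Name"= value (0x..)  -> the trailing hex echo is optional (path values have none)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*(?:\(0x[0-9A-Fa-f]+\))?$')
# <state> <name>;<display name>;<image path> [<date size>]  or  [x] when the file is missing
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
HOMEPAGE_RE = re.compile(r'^FF - prefs\.js: browser\.startup\.homepage - (.+)$')
TRUSTED_RE = re.compile(r'^Trusted Zone:\s*(.+)$')


def triage(log_text):
    """Return (rule, detail) findings for a ComboFix-style log. Heuristic rules only."""
    findings = []
    section = ""   # current registry key header, lowercased
    values = {}    # values already seen under that key
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("["):
            section, values = line.lower(), {}
            continue
        m = VALUE_RE.match(line)
        if m and section:
            name, value = m.group(1).lower(), m.group(2)
            values[name] = value
            # UAC policy: EnableLUA=0 switches UAC off entirely.
            if section.endswith(r"\policies\system]") and name == "enablelua" and value == "0":
                findings.append(("uac_disabled",
                                 "EnableLUA=0: UAC is disabled, admin processes start fully elevated"))
            # AppInit_DLLs: every process that loads user32.dll also loads this DLL.
            if section.endswith(r"\windows nt\currentversion\windows]") and name == "appinit_dlls" and value:
                load = values.get("loadappinit_dlls", "?")
                findings.append(("appinit_dll", f"AppInit_DLLs={value} (LoadAppInit_DLLs={load})"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _display, path, stamp = m.groups()
            if stamp == "x":   # ComboFix prints [x] when the image file is not on disk
                findings.append(("service_missing_binary", name + ": " + path))
            if "\\programdata\\" in path.lower():   # unusual home for a service or driver image
                findings.append(("service_in_programdata", name + " (" + state + "): " + path))
            continue
        m = HOMEPAGE_RE.match(line)
        if m and not m.group(1).startswith("about:"):
            findings.append(("homepage", m.group(1)))
            continue
        m = TRUSTED_RE.match(line)
        if m:   # sites in the Trusted zone get relaxed IE security settings
            findings.append(("trusted_zone", m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

Run it as-is to print the findings for the excerpt, or pass the text of a full log to triage(). Each rule states only what the log line itself implies (for example EnableLUA=0 means UAC is off); whether a flagged file is actually malicious still has to be decided against the file, not the log line.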

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Menšia preventívka

#60 Post by motji

I don't have my guides at hand, but you already know how to make a ComboFix script, right?
Create a script with this text:
Firefox::
FF - ProfilePath - c:\users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114874 ... 27133f1779

DDS::
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = about:blank
mLocal Page = %SystemRoot%\system32\blank.htm

File::
c:\windows\SysWOW64\Drivers\X6va008.sys

Driver::
X6va008