asi virus MSIL/Packed.Confuser.B

[megicz]

zdravim,asi sem chytnul tuhle mrsku,google chrome mi obcas sam zniceho nic otevre hxxp://da6abc6c.ultrafiles.net/ ,akorat sem nikde nenasel jak to resit,tak sem tady u mistru remesla predem dekuji za reseni.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Megi at 2012-11-29 16:24:24
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 62 GB (13%) free of 477 GB
Total RAM: 3959 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:24:30, on 29.11.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\TOSHIBA Applet\THotkey.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hitman Absolution\HMA.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Megi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [THotkey] C:\Program Files (x86)\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Windows Explorer] C:\Users\Megi\Drivers\msconfig.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Megi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Windows Explorer] C:\Users\Megi\Drivers\msconfig.exe
O4 - HKCU\..\Run: [winsvchost] C:\Users\Megi\AppData\Roaming\Identities\{E7927442-8v23-436B-8409-951D004DCD3B}\winsvchost.exe
O4 - HKCU\..\Run: [CMDHost] "C:\Users\Megi\AppData\Roaming\CMDHost0.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files (x86)\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8630 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 25019088
\??\C:\Windows\system32\conhost.exe "-1863380841357019555-52950179812541876031546380401-107825995221115499171389975034
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe"
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Applet\THotkey.exe"
"C:\Users\Megi\Drivers\explorer.exe"
"C:\Users\Megi\msdata\explorer.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\AUDIODG.EXE 0x878
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3296.1.2113914164\1046161981" --gpu-vendor-id=0x1002 --gpu-device-id=0x68e0 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.911.0.0 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --channel="3296.2.821028560\1978448240" /prefetch:3
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3296.3.640529513\1513026476" /prefetch:3
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3296.5.78544530\1620267017" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Program Files (x86)\Hitman Absolution\HMA.exe"
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3296.13.1920599683\2095466216" /prefetch:3
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3296.14.832072563\1045299541" /prefetch:3
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3296.15.543710240\100124330" /prefetch:3
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3296.16.635897046\1683335040" /prefetch:3
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3296.18.688331432\649779073" /prefetch:3
"C:\Users\Megi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_43/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3296.19.95817425\172675143" /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Megi\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Megi\AppData\Roaming\Mozilla\Firefox\Profiles\snc5kg6r.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm LTD Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1573160]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 505696]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 508216]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-10-26 911160]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-22 521272]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-11-14 6325424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Megi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-02 116648]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2012-10-07 1353080]
"Windows Explorer"=C:\Users\Megi\Drivers\msconfig.exe [2012-11-18 102912]
"winsvchost"=C:\Users\Megi\AppData\Roaming\Identities\{E7927442-8v23-436B-8409-951D004DCD3B}\winsvchost.exe [2012-11-22 56832]
"CMDHost"=C:\Users\Megi\AppData\Roaming\CMDHost0.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"THotkey"=C:\Program Files (x86)\Toshiba\Toshiba Applet\thotkey.exe [2008-08-30 360448]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Windows Explorer"=C:\Users\Megi\Drivers\msconfig.exe [2012-11-18 102912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-29 16:24:25 ----D---- C:\Program Files\trend micro
2012-11-29 16:24:24 ----D---- C:\rsit
2012-11-29 14:22:35 ----D---- C:\Users\Megi\AppData\Roaming\HEWGBhyj HJERe
2012-11-28 22:40:19 ----D---- C:\Program Files (x86)\Hitman Absolution
2012-11-25 20:13:27 ----D---- C:\Users\Megi\AppData\Roaming\ATI
2012-11-25 20:13:27 ----D---- C:\ProgramData\ATI
2012-11-20 14:14:24 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-11-20 14:14:24 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2012-11-20 13:51:44 ----D---- C:\Program Files (x86)\Ubisoft
2012-11-20 13:34:01 ----D---- C:\Users\Megi\AppData\Roaming\ESET
2012-11-20 13:31:24 ----D---- C:\ProgramData\ESET
2012-11-20 13:31:24 ----D---- C:\Program Files\ESET
2012-11-20 12:41:37 ----RASH---- C:\setup.exe
2012-11-20 11:55:03 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-11-20 11:55:00 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-11-17 01:04:20 ----A---- C:\Windows\system32\Wdfres.dll
2012-11-17 01:04:20 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2012-11-17 01:04:20 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2012-11-17 01:02:40 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-11-17 01:02:40 ----A---- C:\Windows\system32\mshtmled.dll
2012-11-17 01:02:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-11-17 01:02:39 ----A---- C:\Windows\SYSWOW64\url.dll
2012-11-17 01:02:39 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-11-17 01:02:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-11-17 01:02:39 ----A---- C:\Windows\system32\url.dll
2012-11-17 01:02:39 ----A---- C:\Windows\system32\ieUnatt.exe
2012-11-17 01:02:39 ----A---- C:\Windows\system32\ieui.dll
2012-11-17 01:02:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-11-17 01:02:38 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-11-17 01:02:38 ----A---- C:\Windows\system32\urlmon.dll
2012-11-17 01:02:38 ----A---- C:\Windows\system32\msfeeds.dll
2012-11-17 01:02:38 ----A---- C:\Windows\system32\jscript9.dll
2012-11-17 01:02:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-11-17 01:02:37 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-11-17 01:02:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-11-17 01:02:37 ----A---- C:\Windows\system32\wininet.dll
2012-11-17 01:02:37 ----A---- C:\Windows\system32\vbscript.dll
2012-11-17 01:02:37 ----A---- C:\Windows\system32\jsproxy.dll
2012-11-17 01:02:36 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-11-17 01:02:36 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-11-17 01:02:36 ----A---- C:\Windows\system32\jscript.dll
2012-11-17 01:02:36 ----A---- C:\Windows\system32\iertutil.dll
2012-11-17 01:02:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-11-17 01:02:34 ----A---- C:\Windows\system32\mshtml.dll
2012-11-17 01:02:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-11-17 01:02:33 ----A---- C:\Windows\system32\ieframe.dll
2012-11-17 00:58:59 ----A---- C:\Windows\system32\WUDFSvc.dll
2012-11-17 00:58:59 ----A---- C:\Windows\system32\WUDFPlatform.dll
2012-11-17 00:58:59 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2012-11-17 00:58:59 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2012-11-17 00:58:58 ----A---- C:\Windows\system32\WUDFx.dll
2012-11-17 00:58:58 ----A---- C:\Windows\system32\WUDFHost.exe
2012-11-17 00:58:58 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2012-11-16 13:58:16 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2012-11-16 13:58:16 ----A---- C:\Windows\SYSWOW64\netevent.dll
2012-11-16 13:58:16 ----A---- C:\Windows\SYSWOW64\netcorehc.dll
2012-11-16 13:58:16 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2012-11-16 13:58:16 ----A---- C:\Windows\system32\nlasvc.dll
2012-11-16 13:58:16 ----A---- C:\Windows\system32\nlaapi.dll
2012-11-16 13:58:16 ----A---- C:\Windows\system32\netevent.dll
2012-11-16 13:58:16 ----A---- C:\Windows\system32\netcorehc.dll
2012-11-16 13:58:16 ----A---- C:\Windows\system32\ncsi.dll
2012-11-16 13:58:16 ----A---- C:\Windows\system32\iphlpsvc.dll
2012-11-16 13:58:16 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2012-11-16 13:58:16 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-11-16 13:57:51 ----A---- C:\Windows\SYSWOW64\dhcpcore6.dll
2012-11-16 13:57:51 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2012-11-16 13:57:51 ----A---- C:\Windows\system32\dhcpcore6.dll
2012-11-16 13:57:50 ----A---- C:\Windows\SYSWOW64\dhcpcsvc6.dll
2012-11-16 13:57:48 ----A---- C:\Windows\system32\win32k.sys
2012-11-16 13:57:47 ----A---- C:\Windows\SYSWOW64\synceng.dll
2012-11-16 13:57:47 ----A---- C:\Windows\system32\synceng.dll
2012-11-14 19:27:56 ----D---- C:\Program Files (x86)\Electronic Arts
2012-11-10 17:48:53 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-11-10 14:37:52 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-11-10 14:37:52 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-11-10 14:37:52 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-11-10 14:37:52 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-11-10 14:37:51 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-11-10 14:37:51 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-11-10 14:37:44 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-11-10 14:37:42 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-11-10 14:37:42 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-11-10 14:37:41 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-11-10 14:37:41 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-11-10 14:37:40 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-11-10 14:37:40 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-11-10 14:37:35 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-11-10 14:37:34 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-11-10 14:37:34 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-11-10 14:37:34 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-11-10 14:37:34 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-11-10 14:37:33 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-11-10 14:37:33 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-11-10 14:37:32 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-11-10 14:37:32 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-11-10 14:37:31 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2012-11-10 14:37:31 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-11-10 14:37:30 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-11-10 14:37:30 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-11-10 14:37:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-11-10 14:37:28 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-11-10 14:37:26 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-11-10 14:37:26 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-11-10 14:37:26 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-11-10 14:37:26 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-11-10 14:37:24 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2012-11-10 14:37:24 ----A---- C:\Windows\system32\d3dx10_42.dll
2012-11-10 14:37:23 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-11-10 14:37:23 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-11-10 14:37:20 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2012-11-10 14:37:20 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2012-11-10 14:37:20 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-11-10 14:37:20 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-11-10 14:37:18 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-11-10 14:37:18 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-11-10 14:37:17 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-11-10 14:37:17 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2012-11-10 14:37:17 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-11-10 14:37:17 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-11-10 14:37:17 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-11-10 14:37:17 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-11-10 14:37:16 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-11-10 14:37:16 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-11-10 14:37:14 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-11-10 14:37:14 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-11-10 14:37:14 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-11-10 14:37:14 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-11-10 14:37:12 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-11-10 14:37:12 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-11-10 14:37:10 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-11-10 14:37:10 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-11-10 14:37:10 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-11-10 14:37:10 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-11-10 14:37:10 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-11-10 14:37:10 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-11-10 14:37:09 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-11-10 14:37:09 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-11-10 14:37:08 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-11-10 14:37:08 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-11-10 14:37:08 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-11-10 14:37:08 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-11-10 14:37:06 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-11-10 14:37:06 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-11-10 14:37:06 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-11-10 14:37:06 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-11-10 14:37:03 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-11-10 14:37:02 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-11-10 14:37:02 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-11-10 14:37:02 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-11-10 14:37:02 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-11-10 14:37:02 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-11-10 14:37:02 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-11-10 14:37:01 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-11-10 14:37:01 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-11-10 14:36:59 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-11-10 14:36:59 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-11-10 14:36:59 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-11-10 14:36:59 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-11-10 14:36:56 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-11-10 14:36:56 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-11-10 14:36:56 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-11-10 14:36:56 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-11-10 14:36:55 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-11-10 14:36:55 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-11-10 14:36:55 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-11-10 14:36:55 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-11-10 14:36:52 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-11-10 14:36:52 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-11-10 14:36:52 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-11-10 14:36:52 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-11-10 14:36:50 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-11-10 14:36:50 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-11-10 14:36:49 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-11-10 14:36:49 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-11-10 14:36:46 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-11-10 14:36:46 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-11-10 14:36:46 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-11-10 14:36:46 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-11-10 14:36:44 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-11-10 14:36:44 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-11-10 14:36:43 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-11-10 14:36:43 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-11-10 14:36:42 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-11-10 14:36:42 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-11-10 14:36:42 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-11-10 14:36:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-11-10 14:36:40 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-11-10 14:36:40 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-11-10 14:36:40 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-11-10 14:36:40 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-11-10 14:36:40 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-11-10 14:36:40 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-11-10 14:36:38 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-11-10 14:36:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-11-10 14:36:38 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-11-10 14:36:38 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-11-10 14:36:35 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-11-10 14:36:35 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-11-10 14:36:34 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-11-10 14:36:34 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2012-11-10 14:36:34 ----A---- C:\Windows\system32\xinput1_3.dll
2012-11-10 14:36:34 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-11-10 14:36:33 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-11-10 14:36:33 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-11-10 14:36:33 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-11-10 14:36:33 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-11-10 14:36:31 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-11-10 14:36:31 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-11-10 14:36:30 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2012-11-10 14:36:30 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-11-10 14:36:29 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2012-11-10 14:36:29 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-11-10 14:36:28 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-11-10 14:36:28 ----A---- C:\Windows\system32\d3dx10.dll
2012-11-10 14:36:26 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2012-11-10 14:36:26 ----A---- C:\Windows\system32\d3dx9_32.dll
2012-11-10 14:36:25 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2012-11-10 14:36:25 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2012-11-10 14:36:25 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-11-10 14:36:25 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-11-10 14:36:23 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2012-11-10 14:36:23 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-11-10 14:36:23 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-11-10 14:36:23 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-11-10 14:36:22 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2012-11-10 14:36:22 ----A---- C:\Windows\system32\xinput1_2.dll
2012-11-10 14:36:21 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2012-11-10 14:36:21 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2012-11-10 14:36:21 ----A---- C:\Windows\system32\xinput1_1.dll
2012-11-10 14:36:21 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-11-10 14:36:19 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2012-11-10 14:36:19 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-11-10 14:36:08 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-11-10 14:36:08 ----A---- C:\Windows\system32\d3dx9_30.dll
2012-11-10 14:36:07 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2012-11-10 14:36:07 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2012-11-10 14:36:07 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-11-10 14:36:07 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-11-10 14:36:05 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-11-10 14:36:05 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-11-10 14:36:02 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-11-10 14:36:02 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-11-10 14:36:01 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-11-10 14:36:01 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-11-10 14:35:59 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-11-10 14:35:59 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-11-10 14:35:57 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2012-11-10 14:35:57 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-11-10 14:35:55 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-11-10 14:35:55 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-11-10 14:08:25 ----D---- C:\Program Files (x86)\Medal of Honor Warfighter
2012-11-06 22:27:40 ----D---- C:\Program Files (x86)\EA Games
2012-11-04 13:32:40 ----D---- C:\Windows\system32\appmgmt
2012-11-03 18:18:00 ----D---- C:\Users\Megi\AppData\Roaming\Skype
2012-11-03 18:17:42 ----D---- C:\ProgramData\Skype

======List of files/folders modified in the last 1 month======

2012-11-29 16:24:30 ----D---- C:\Windows\Prefetch
2012-11-29 16:24:27 ----D---- C:\Windows\Temp
2012-11-29 16:24:25 ----RD---- C:\Program Files
2012-11-29 14:34:45 ----D---- C:\Windows\system32\config
2012-11-29 14:25:49 ----D---- C:\Windows\System32
2012-11-29 14:25:49 ----D---- C:\Windows\inf
2012-11-29 14:25:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-29 14:21:48 ----D---- C:\Program Files (x86)\Steam
2012-11-29 00:08:02 ----D---- C:\Windows\winsxs
2012-11-29 00:07:57 ----D---- C:\Windows\AppPatch
2012-11-29 00:07:43 ----SHD---- C:\System Volume Information
2012-11-28 22:42:07 ----D---- C:\Users\Megi\AppData\Roaming\uTorrent
2012-11-28 22:40:19 ----RD---- C:\Program Files (x86)
2012-11-28 14:51:13 ----D---- C:\ProgramData\PMB Files
2012-11-28 14:23:22 ----D---- C:\Windows\system32\catroot
2012-11-28 14:23:21 ----D---- C:\Windows\system32\catroot2
2012-11-25 20:13:27 ----HD---- C:\ProgramData
2012-11-24 21:47:55 ----D---- C:\Users\Megi\AppData\Roaming\TS3Client
2012-11-24 12:49:44 ----D---- C:\Windows\system32\NDF
2012-11-21 15:49:17 ----D---- C:\Windows\system32\wdi
2012-11-21 15:47:15 ----D---- C:\Windows\Minidump
2012-11-21 15:47:10 ----D---- C:\Windows
2012-11-20 17:09:57 ----D---- C:\Users\Megi\AppData\Roaming\Identities
2012-11-20 15:03:23 ----SHD---- C:\Windows\Installer
2012-11-20 14:47:37 ----RSD---- C:\Windows\assembly
2012-11-20 14:17:35 ----D---- C:\Users\Megi\AppData\Roaming\DAEMON Tools Lite
2012-11-20 14:14:24 ----D---- C:\Windows\SysWOW64
2012-11-20 13:49:59 ----D---- C:\Windows\Logs
2012-11-20 13:48:04 ----D---- C:\Users\Megi\AppData\Roaming\AIMP3
2012-11-20 13:46:14 ----D---- C:\Windows\debug
2012-11-20 13:33:22 ----D---- C:\Windows\system32\DriverStore
2012-11-20 13:33:22 ----D---- C:\Windows\system32\drivers
2012-11-20 13:14:46 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-11-20 13:04:34 ----D---- C:\Program Files (x86)\CheckPoint
2012-11-20 11:55:13 ----D---- C:\Windows\system32\LogFiles
2012-11-20 02:46:02 ----D---- C:\Windows\rescache
2012-11-18 13:38:59 ----D---- C:\Windows\Microsoft.NET
2012-11-17 13:00:22 ----D---- C:\Windows\SYSWOW64\en-US
2012-11-17 13:00:22 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-11-17 13:00:22 ----D---- C:\Windows\system32\cs-CZ
2012-11-17 13:00:21 ----D---- C:\Windows\system32\wbem
2012-11-17 13:00:21 ----D---- C:\Windows\system32\en-US
2012-11-17 13:00:21 ----D---- C:\Windows\system32\drivers\en-US
2012-11-17 13:00:21 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-11-17 13:00:19 ----D---- C:\Windows\SYSWOW64\migration
2012-11-17 13:00:19 ----D---- C:\Windows\PolicyDefinitions
2012-11-17 13:00:18 ----D---- C:\Windows\system32\migration
2012-11-17 13:00:18 ----D---- C:\Program Files (x86)\Internet Explorer
2012-11-17 13:00:16 ----D---- C:\Program Files\Internet Explorer
2012-11-17 13:00:12 ----RSD---- C:\Windows\Fonts
2012-11-17 01:07:47 ----D---- C:\ProgramData\Microsoft Help
2012-11-17 00:59:38 ----A---- C:\Windows\system32\MRT.exe
2012-11-17 00:58:23 ----A---- C:\Windows\win.ini
2012-11-14 22:32:46 ----D---- C:\Users\Megi\AppData\Roaming\vlc
2012-11-14 19:27:56 ----D---- C:\Program Files (x86)\Common Files
2012-11-14 19:27:38 ----RD---- C:\Users
2012-11-13 21:32:32 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-11-10 17:49:02 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-02 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-10-08 189208]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2012-09-02 3058168]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-03-31 724536]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDMI64.sys [2010-03-05 720952]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 8704]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 260144]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-10-26 204288]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-14 1329304]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-11-20 75136]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files (x86)\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2008-04-14 34304]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-10-25 529744]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-02 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139680]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139680]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139680]

-----------------EOF-----------------

[Rudy]

Také zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[megicz]

ComboFix 12-11-29.02 - Megi 29.11.2012 22:26:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.3959.2789 [GMT 1:00]
Spuštěný z: c:\users\Megi\Downloads\ComboFix.exe
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
C:\setup.exe
c:\users\Megi\AppData\Roaming\Identities\{E7927442-8v23-436B-8409-951D004DCD3B}\tep512700
c:\users\Megi\Documents\Windows\phatk.cl
c:\users\Megi\drivers\explorer.exe
c:\users\Megi\Drivers\msconfig.exe
c:\users\Megi\msdata
c:\users\Megi\msdata\iexplorer.exe
c:\users\Megi\msdata\winexplorer.exe
c:\windows\SysWow64\tmpFB24.tmp
c:\windows\SysWow64\tmpFC0F.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-28 do 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 21:33 . 2012-11-29 21:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-29 15:24 . 2012-11-29 15:24 -------- d-----w- c:\program files\trend micro
2012-11-29 15:24 . 2012-11-29 15:24 -------- d-----w- C:\rsit
2012-11-29 13:22 . 2012-11-29 13:22 -------- d-----w- c:\users\Megi\AppData\Roaming\HEWGBhyj HJERe
2012-11-28 21:40 . 2012-11-28 22:23 -------- d-----w- c:\program files (x86)\Hitman Absolution
2012-11-27 14:05 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E70D38E-A44B-4A25-9BBA-F7EA0346984B}\mpengine.dll
2012-11-25 19:13 . 2012-11-25 19:13 -------- d-----w- c:\users\Megi\AppData\Roaming\ATI
2012-11-25 19:13 . 2012-11-25 19:13 -------- d-----w- c:\users\Megi\AppData\Local\ATI
2012-11-25 19:13 . 2012-11-25 19:13 -------- d-----w- c:\programdata\ATI
2012-11-21 14:20 . 2012-11-21 14:20 -------- d-sh--w- c:\users\Megi\Userdata
2012-11-20 13:14 . 2012-11-20 13:48 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-20 13:14 . 2012-11-20 13:48 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-20 12:51 . 2012-11-20 13:45 -------- d-----w- c:\program files (x86)\Ubisoft
2012-11-20 12:34 . 2012-11-20 12:34 -------- d-----w- c:\users\Megi\AppData\Local\ESET
2012-11-20 12:31 . 2012-11-20 12:31 -------- d-----w- c:\program files\ESET
2012-11-20 11:41 . 2012-11-29 21:32 -------- d-sh--w- c:\users\Megi\Drivers
2012-11-20 11:30 . 2012-11-20 14:27 -------- d-----w- c:\users\Megi\AppData\Local\Ubisoft Game Launcher
2012-11-20 10:55 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-11-20 10:55 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-11-17 00:04 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2012-11-17 00:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 00:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 00:04 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-17 00:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 23:58 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 23:58 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 23:58 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 23:58 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 23:58 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 23:58 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 23:58 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 12:58 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 12:58 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 12:58 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 12:58 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 12:58 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 12:58 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 12:58 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 12:58 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-16 12:58 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-16 12:58 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-16 12:58 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 12:58 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-16 12:57 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 12:57 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 12:57 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-16 12:57 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-16 12:57 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 12:57 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 12:57 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 18:21 . 2012-11-15 18:21 -------- d-----w- c:\users\Megi\AppData\Local\SWTOR
2012-11-14 18:27 . 2012-11-14 18:27 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-11-14 18:27 . 2012-11-14 18:27 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-11-14 18:27 . 2012-11-14 18:27 -------- d-----w- c:\users\hedev
2012-11-10 16:48 . 2012-11-10 16:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-11-10 13:36 . 2008-05-30 13:11 540688 ----a-w- c:\windows\system32\d3dx10_38.dll
2012-11-10 13:35 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-11-10 13:35 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-11-10 13:35 . 2005-03-18 16:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2012-11-10 13:35 . 2005-02-05 18:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2012-11-10 13:08 . 2012-11-10 14:22 -------- d-----w- c:\program files (x86)\Medal of Honor Warfighter
2012-11-06 21:27 . 2012-11-06 21:27 -------- d-----w- c:\program files (x86)\EA Games
2012-11-04 12:32 . 2012-11-04 12:32 -------- d-----w- c:\windows\system32\appmgmt
2012-11-03 17:18 . 2012-11-04 12:32 -------- d-----w- c:\users\Megi\AppData\Roaming\Skype
2012-11-03 17:17 . 2012-11-04 12:32 -------- d-----w- c:\programdata\Skype
2012-11-03 13:42 . 2012-11-03 13:42 -------- d-----w- c:\users\Megi\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 23:59 . 2012-09-02 15:30 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-29 18:19 . 2012-10-29 18:19 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-29 18:19 . 2012-10-29 18:19 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-29 18:19 . 2012-10-29 18:19 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-29 18:19 . 2012-10-29 18:19 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-16 08:38 . 2012-11-28 13:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:24 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 07:21 . 2012-10-08 07:21 64072 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-10-08 07:21 . 2012-10-08 07:21 59440 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-10-08 07:21 . 2012-10-08 07:21 189208 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-10-08 07:21 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-09-14 19:19 . 2012-10-10 21:21 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 21:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-02 20:12 . 2012-09-02 20:12 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-02 20:12 . 2012-09-02 20:12 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-02 19:12 . 2012-09-02 19:12 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-02 15:51 . 2012-09-02 15:51 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-02 15:51 . 2012-09-02 15:51 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-02 15:51 . 2012-09-02 15:51 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-02 15:51 . 2012-09-02 15:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-02 15:51 . 2012-09-02 15:51 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-02 15:51 . 2012-09-02 15:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-02 15:51 . 2012-09-02 15:51 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-02 15:51 . 2012-09-02 15:51 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-02 15:51 . 2012-09-02 15:51 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-02 15:51 . 2012-09-02 15:51 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-02 15:51 . 2012-09-02 15:51 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-02 15:51 . 2012-09-02 15:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-02 15:51 . 2012-09-02 15:51 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-02 15:51 . 2012-09-02 15:51 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-02 15:51 . 2012-09-02 15:51 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-02 15:51 . 2012-09-02 15:51 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-02 15:51 . 2012-09-02 15:51 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-02 15:51 . 2012-09-02 15:51 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-02 15:51 . 2012-09-02 15:51 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-02 15:51 . 2012-09-02 15:51 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-02 15:51 . 2012-09-02 15:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-02 15:51 . 2012-09-02 15:51 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-02 15:51 . 2012-09-02 15:51 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-02 15:51 . 2012-09-02 15:51 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-02 15:51 . 2012-09-02 15:51 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-02 15:51 . 2012-09-02 15:51 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-02 15:51 . 2012-09-02 15:51 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-02 15:51 . 2012-09-02 15:51 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-02 15:51 . 2012-09-02 15:51 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-02 15:51 . 2012-09-02 15:51 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-02 15:51 . 2012-09-02 15:51 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-02 15:51 . 2012-09-02 15:51 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-02 15:51 . 2012-09-02 15:51 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-02 15:51 . 2012-09-02 15:51 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-02 15:51 . 2012-09-02 15:51 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-02 15:51 . 2012-09-02 15:51 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-02 15:51 . 2012-09-02 15:51 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-02 15:51 . 2012-09-02 15:51 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-02 15:51 . 2012-09-02 15:51 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-02 15:51 . 2012-09-02 15:51 448512 ----a-w- c:\windows\system32\html.iec
2012-09-02 15:51 . 2012-09-02 15:51 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-02 15:51 . 2012-09-02 15:51 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-02 15:51 . 2012-09-02 15:51 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-02 15:51 . 2012-09-02 15:51 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-02 15:51 . 2012-09-02 15:51 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-02 15:51 . 2012-09-02 15:51 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-02 15:51 . 2012-09-02 15:51 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-02 15:51 . 2012-09-02 15:51 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-02 15:51 . 2012-09-02 15:51 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-02 15:05 . 2012-09-02 15:05 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-09-02 15:05 . 2012-09-02 15:05 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-09-02 15:05 . 2012-09-02 15:05 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-09-02 15:05 . 2012-09-02 15:05 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-09-02 15:05 . 2012-09-02 15:05 3058168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-09-02 14:36 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-09-02 14:36 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-09-02 14:36 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-09-02 14:36 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-09-02 14:36 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-09-02 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-09-02 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-07 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"THotkey"="c:\program files (x86)\Toshiba\Toshiba Applet\thotkey.exe" [2008-08-30 360448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-02 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-14 1329304]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [2010-03-05 720952]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 8704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000Core.job
- c:\users\Megi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-02 16:45]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000UA.job
- c:\users\Megi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-02 16:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-14 6325424]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Megi\AppData\Roaming\Mozilla\Firefox\Profiles\snc5kg6r.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-CMDHost - c:\users\Megi\AppData\Roaming\CMDHost0.exe
Wow6432Node-HKLM-Run-Windows Explorer - c:\users\Megi\Drivers\msconfig.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-11-29 22:35:29
ComboFix-quarantined-files.txt 2012-11-29 21:35
.
Před spuštěním: Volných bajtů: 79 411 556 352
Po spuštění: Volných bajtů: 79 158 325 248
.
- - End Of File - - 75250CBE9A84E1A1D0A7710525033D05

[Rudy]

Ještě dosčistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\users\Megi\AppData\Roaming\HEWGBhyj HJERe

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000UA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[megicz]

tady je novej log


ComboFix 12-11-30.02 - Megi 30.11.2012 16:15:49.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.3959.2428 [GMT 1:00]
Spuštěný z: c:\users\Megi\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Megi\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Megi\AppData\Roaming\HEWGBhyj HJERe
c:\users\Megi\AppData\Roaming\HEWGBhyj HJERe\uehUR eURhfuiejeu kreererte\.cache\opencl_Cedar_2769795612
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560245402-326876399-3845076878-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-28 do 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-30 15:22 . 2012-11-30 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-30 15:03 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05F2B0A0-9F21-42A2-ADF6-BA84B15DB351}\mpengine.dll
2012-11-29 15:24 . 2012-11-29 15:24 -------- d-----w- c:\program files\trend micro
2012-11-29 15:24 . 2012-11-29 15:24 -------- d-----w- C:\rsit
2012-11-28 21:40 . 2012-11-28 22:23 -------- d-----w- c:\program files (x86)\Hitman Absolution
2012-11-25 19:13 . 2012-11-25 19:13 -------- d-----w- c:\users\Megi\AppData\Roaming\ATI
2012-11-25 19:13 . 2012-11-25 19:13 -------- d-----w- c:\users\Megi\AppData\Local\ATI
2012-11-25 19:13 . 2012-11-25 19:13 -------- d-----w- c:\programdata\ATI
2012-11-21 14:20 . 2012-11-21 14:20 -------- d-sh--w- c:\users\Megi\Userdata
2012-11-20 13:14 . 2012-11-20 13:48 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-20 13:14 . 2012-11-20 13:48 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-20 12:51 . 2012-11-20 13:45 -------- d-----w- c:\program files (x86)\Ubisoft
2012-11-20 12:34 . 2012-11-20 12:34 -------- d-----w- c:\users\Megi\AppData\Local\ESET
2012-11-20 12:31 . 2012-11-20 12:31 -------- d-----w- c:\program files\ESET
2012-11-20 11:41 . 2012-11-29 21:32 -------- d-sh--w- c:\users\Megi\Drivers
2012-11-20 11:30 . 2012-11-20 14:27 -------- d-----w- c:\users\Megi\AppData\Local\Ubisoft Game Launcher
2012-11-20 10:55 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-11-20 10:55 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-11-17 00:04 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2012-11-17 00:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 00:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 00:04 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-17 00:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 23:58 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 23:58 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 23:58 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 23:58 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 23:58 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 23:58 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 23:58 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 12:58 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 12:58 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 12:58 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 12:58 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 12:58 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 12:58 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 12:58 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 12:58 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-16 12:58 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-16 12:58 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-16 12:58 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 12:58 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-16 12:57 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 12:57 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 12:57 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-16 12:57 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-16 12:57 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 12:57 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 12:57 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 18:21 . 2012-11-15 18:21 -------- d-----w- c:\users\Megi\AppData\Local\SWTOR
2012-11-14 18:27 . 2012-11-14 18:27 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-11-14 18:27 . 2012-11-14 18:27 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-11-14 18:27 . 2012-11-14 18:27 -------- d-----w- c:\users\hedev
2012-11-10 16:48 . 2012-11-10 16:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-11-10 13:36 . 2008-05-30 13:11 540688 ----a-w- c:\windows\system32\d3dx10_38.dll
2012-11-10 13:35 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-11-10 13:35 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-11-10 13:35 . 2005-03-18 16:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2012-11-10 13:35 . 2005-02-05 18:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2012-11-10 13:08 . 2012-11-10 14:22 -------- d-----w- c:\program files (x86)\Medal of Honor Warfighter
2012-11-06 21:27 . 2012-11-06 21:27 -------- d-----w- c:\program files (x86)\EA Games
2012-11-04 12:32 . 2012-11-04 12:32 -------- d-----w- c:\windows\system32\appmgmt
2012-11-03 17:18 . 2012-11-04 12:32 -------- d-----w- c:\users\Megi\AppData\Roaming\Skype
2012-11-03 17:17 . 2012-11-04 12:32 -------- d-----w- c:\programdata\Skype
2012-11-03 13:42 . 2012-11-03 13:42 -------- d-----w- c:\users\Megi\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 23:59 . 2012-09-02 15:30 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-29 18:19 . 2012-10-29 18:19 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-29 18:19 . 2012-10-29 18:19 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-29 18:19 . 2012-10-29 18:19 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-29 18:19 . 2012-10-29 18:19 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-16 08:38 . 2012-11-28 13:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:24 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 07:21 . 2012-10-08 07:21 64072 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-10-08 07:21 . 2012-10-08 07:21 59440 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-10-08 07:21 . 2012-10-08 07:21 189208 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-10-08 07:21 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-09-14 19:19 . 2012-10-10 21:21 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 21:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-02 20:12 . 2012-09-02 20:12 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-02 20:12 . 2012-09-02 20:12 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-02 19:12 . 2012-09-02 19:12 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-02 15:51 . 2012-09-02 15:51 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-02 15:51 . 2012-09-02 15:51 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-02 15:51 . 2012-09-02 15:51 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-02 15:51 . 2012-09-02 15:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-02 15:51 . 2012-09-02 15:51 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-02 15:51 . 2012-09-02 15:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-02 15:51 . 2012-09-02 15:51 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-02 15:51 . 2012-09-02 15:51 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-02 15:51 . 2012-09-02 15:51 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-02 15:51 . 2012-09-02 15:51 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-02 15:51 . 2012-09-02 15:51 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-02 15:51 . 2012-09-02 15:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-02 15:51 . 2012-09-02 15:51 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-02 15:51 . 2012-09-02 15:51 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-02 15:51 . 2012-09-02 15:51 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-02 15:51 . 2012-09-02 15:51 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-02 15:51 . 2012-09-02 15:51 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-02 15:51 . 2012-09-02 15:51 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-02 15:51 . 2012-09-02 15:51 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-02 15:51 . 2012-09-02 15:51 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-02 15:51 . 2012-09-02 15:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-02 15:51 . 2012-09-02 15:51 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-02 15:51 . 2012-09-02 15:51 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-02 15:51 . 2012-09-02 15:51 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-02 15:51 . 2012-09-02 15:51 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-02 15:51 . 2012-09-02 15:51 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-02 15:51 . 2012-09-02 15:51 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-02 15:51 . 2012-09-02 15:51 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-02 15:51 . 2012-09-02 15:51 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-02 15:51 . 2012-09-02 15:51 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-02 15:51 . 2012-09-02 15:51 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-02 15:51 . 2012-09-02 15:51 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-02 15:51 . 2012-09-02 15:51 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-02 15:51 . 2012-09-02 15:51 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-02 15:51 . 2012-09-02 15:51 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-02 15:51 . 2012-09-02 15:51 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-02 15:51 . 2012-09-02 15:51 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-02 15:51 . 2012-09-02 15:51 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-02 15:51 . 2012-09-02 15:51 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-02 15:51 . 2012-09-02 15:51 448512 ----a-w- c:\windows\system32\html.iec
2012-09-02 15:51 . 2012-09-02 15:51 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-02 15:51 . 2012-09-02 15:51 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-02 15:51 . 2012-09-02 15:51 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-02 15:51 . 2012-09-02 15:51 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-02 15:51 . 2012-09-02 15:51 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-02 15:51 . 2012-09-02 15:51 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-02 15:51 . 2012-09-02 15:51 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-02 15:51 . 2012-09-02 15:51 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-02 15:51 . 2012-09-02 15:51 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-02 15:05 . 2012-09-02 15:05 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-09-02 15:05 . 2012-09-02 15:05 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-09-02 15:05 . 2012-09-02 15:05 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-09-02 15:05 . 2012-09-02 15:05 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-09-02 15:05 . 2012-09-02 15:05 3058168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-09-02 14:36 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-09-02 14:36 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-09-02 14:36 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-09-02 14:36 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-09-02 14:36 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-09-02 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-09-02 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-07 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"THotkey"="c:\program files (x86)\Toshiba\Toshiba Applet\thotkey.exe" [2008-08-30 360448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-02 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-14 1329304]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [2010-03-05 720952]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 8704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-14 6325424]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Megi\AppData\Roaming\Mozilla\Firefox\Profiles\snc5kg6r.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\users\Megi\AppData\Local\Google\Update\GoogleUpdate.exe
c:\users\Megi\AppData\Local\Google\Update\Install\{EE75FC38-44F8-4361-8690-5F23965CD0B2}\23.0.1271.95_23.0.1271.91_chrome_updater.exe
c:\users\Megi\AppData\Local\Temp\CR_1DE70.tmp\setup.exe
.
**************************************************************************
.
Celkový čas: 2012-11-30 16:28:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-30 15:28
ComboFix2.txt 2012-11-29 21:35
.
Před spuštěním: Volných bajtů: 78 908 686 336
Po spuštění: Volných bajtů: 78 190 456 832
.
- - End Of File - - 21469E3ED9CECCBA6F0C71AE00BB5FEE


snad uz to bude OK moc moc moc dekuju za pomoc,at se vam dari

[Rudy]

Log již vypadá čistý. Děkujeme za přání a vy nemáte zač!