Shrinking free space on C:

McDan
Level 5 - BAN
Posts: 81
Registered: 13 Feb 2009 23:26

#1 Post by McDan »

I only have a few MB free left; the temp folder and similar things have been deleted. I don't have much that would take up space, and yet there is none left. Here is RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by McDan at 2012-12-24 14:25:15
Microsoft Windows 7 Ultimate
System drive C: has 135 MB (0%) free of 51 GB
Total RAM: 4087 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:25:22, on 24.12.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files (x86)\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\McDan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [rpcproc.exe] C:\Users\McDan\AppData\Roaming\Microsoft\Media Player\update\rpcproc.exe
O4 - HKCU\..\Run: [RGSC] D:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Using &BitSpirit - D:\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download With Album Copier - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - E:\BitSpirit\bsurl.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {208413D2-71EE-4052-9C8B-A4F8C6278E64} - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Download With Album Copier - {208413D2-71EE-4052-9C8B-A4F8C6278E64} - C:\Program Files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16934 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
"C:\Program Files\Logitech\G-series Software\LCDMon.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe"
"C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe"
"C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe"
"C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Zune\ZuneLauncher.exe"
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe" /TUStart /pid:1100
"C:\Program Files\Logitech\SetPoint\SetPoint.exe"
"C:\Program Files (x86)\ObjectDock\ObjectDock.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Program Files (x86)\CyberLink\Shared files\brs.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe" -hide
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ObjectDock\Dock64.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe"
KHALMNPR.EXE /API
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxSearchSuggest/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --channel="5864.0.324200359\68045711" /prefetch:3
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxSearchSuggest/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --channel="5864.1.783060268\1292531920" /prefetch:3
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="5864.2.1804625088\1768535346" /prefetch:3
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5864.4.1267083637\485501158" --gpu-vendor-id=0x1002 --gpu-device-id=0x6899 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=9.2.0.0 --ignored=" --type=renderer " /prefetch:12
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5864.7.1420144863\574593207" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\McDan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll" --lang=cs --channel="5864.8.871964209\1206330651" /prefetch:4
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="5864.12.1353386281\200842862" /prefetch:3
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="5864.13.634591680\804280913" /prefetch:3
C:\Windows\SysWOW64\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
"C:\Users\McDan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="5864.15.1269515612\497402439" /prefetch:3
C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe {649B8C48-2632-4EE5-8FD1-B9E684990F78}
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\McDan\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\McDan\AppData\Roaming\Mozilla\Firefox\Profiles\ak3n1q6b.default

prefs.js - "browser.startup.homepage" - "www.google.cz/ig"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {44658024-1a78-446b-90c0-ce912bf6f44b}:2.7.2.0, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.03, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, refspoof@mozdev.org:0.9.5, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... 2.0.0.4&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=E:\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.0]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=0.80.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\ProgramData\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Games\Acrobat 9.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npwachk.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npDivxPlayerPlugin.dll
NPOFF12.DLL
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
nsIDivxPlayerPlugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\McDan\AppData\Roaming\Mozilla\Firefox\Profiles\ak3n1q6b.default\extensions\
engine@conduit.com
firefox@ghostery.com
istockzoom@kanjar.art.pl
refspoof@mozdev.org
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{44658024-1a78-446b-90c0-ce912bf6f44b}
{44658024-1a78-446b-90c0-ce912bf6f44b}-trash

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-12-13 6304016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2009-12-25 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-12-13 4527888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2009-12-25 798771]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"=C:\Program Files\Logitech\G-series Software\LGDCore.exe [2006-03-06 1777664]
"Launch LCDMon"=C:\Program Files\Logitech\G-series Software\LCDMon.exe [2006-03-06 709120]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 130576]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-09-03 11464296]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2680696]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2010-11-11 163568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"rpcproc.exe"=C:\Users\McDan\AppData\Roaming\Microsoft\Media Player\update\rpcproc.exe [2010-05-07 43998]
"RGSC"=D:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2010-01-16 306088]
"ISUSPM Startup"=c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe [2011-12-16 7299536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\McDan\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^McDan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
C:\Users\McDan\AppData\Local\Facebook\MESSEN~1\204478~1.0\FACEBO~1.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2009-05-07 75048]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-04-27 113288]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]
"LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2011-11-11 205336]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-09-28 642728]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-10-25 421888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\McDan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files (x86)\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 76816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-06-11 249344]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-07-14 115200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\BitSpirit\BitSpirit.exe"="D:\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "D:\Games\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2012-12-24 14:23:38 ----D---- C:\Program Files (x86)\VideoLAN
2012-12-15 18:13:07 ----D---- C:\Program Files\iPod
2012-12-15 18:13:06 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 18:13:06 ----D---- C:\Program Files\iTunes
2012-12-08 01:32:17 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2012-12-24 14:25:22 ----D---- C:\Windows\Prefetch
2012-12-24 14:25:18 ----D---- C:\Program Files\trend micro
2012-12-24 14:25:17 ----D---- C:\Windows\temp
2012-12-24 14:24:51 ----D---- C:\Users\McDan\AppData\Roaming\vlc
2012-12-24 14:23:38 ----RD---- C:\Program Files (x86)
2012-12-24 14:21:47 ----D---- C:\Windows\system32\config
2012-12-24 14:19:36 ----D---- C:\temp
2012-12-24 14:05:55 ----D---- C:\ProgramData\NVIDIA
2012-12-22 17:37:46 ----SHD---- C:\System Volume Information
2012-12-20 18:53:06 ----D---- C:\Windows\System32
2012-12-20 18:53:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-16 01:00:08 ----D---- C:\Windows
2012-12-16 01:00:02 ----D---- C:\Windows\inf
2012-12-15 18:13:58 ----SHD---- C:\Windows\Installer
2012-12-15 18:13:26 ----D---- C:\Windows\SysWOW64
2012-12-15 18:13:07 ----RD---- C:\Program Files
2012-12-15 18:13:06 ----D---- C:\ProgramData
2012-12-13 21:14:54 ----D---- C:\Windows\system32\Tasks
2012-12-13 20:10:08 ----D---- C:\ProgramData\Skype
2012-12-12 16:42:44 ----D---- C:\Users\McDan\AppData\Roaming\Media Player Classic
2012-12-12 08:22:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-12-12 08:21:05 ----D---- C:\Users\McDan\AppData\Roaming\DAEMON Tools Lite
2012-12-12 08:21:01 ----D---- C:\Users\McDan\AppData\Roaming\Winamp
2012-12-11 22:19:41 ----A---- C:\Windows\NeroDigital.ini
2012-12-11 08:08:48 ----D---- C:\ProgramData\IObit
2012-12-11 08:04:30 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-06 18:03:37 ----D---- C:\ProgramData\Adobe
2012-12-02 14:08:26 ----D---- C:\Windows\system32\drivers
2012-12-01 18:14:02 ----D---- C:\Windows\system32\catroot2
2012-12-01 18:14:01 ----D---- C:\Windows\system32\DriverStore
2012-12-01 18:14:01 ----D---- C:\Windows\system32\catroot
2012-11-25 00:33:15 ----D---- C:\Users\McDan\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys [2009-10-09 22568]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2009-12-25 257120]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-25 834544]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\Windows\system32\DRIVERS\tdrpm258.sys [2009-12-25 1477728]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2009-12-25 943712]
R0 Tpkd;Tpkd; C:\Windows\system32\drivers\Tpkd.sys [2009-05-21 103272]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 132464]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-07 314016]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 141728]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-02-06 163400]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 44944]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-07 43680]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2009-12-25 251488]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-09-28 10697216]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-09-28 460288]
R3 AmdTools64;AMD Special Tools Driver; C:\Windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-02-06 33608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-09-03 2480104]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 55312]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 57872]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2009-06-17 40976]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-09-28 10697216]
S3 atillk64;atillk64; \??\C:\Program Files (x86)\AMD GPU Clock Tool\atillk64.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\Users\McDan\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-11-06 25640]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys [2009-06-17 89616]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys [2009-06-17 112144]
S3 lvpopf64;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
S3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2009-04-06 50688]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2009-04-06 50688]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-09-28 53760]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 894480]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2009-12-25 2480048]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-09-28 239616]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-02-06 727720]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 5009920]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-09-30 75136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-11-17 1353544]
R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 23296]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-16 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-16 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 116648]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 641504]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 160784]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-08 115168]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-12-25 321320]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-09 607048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-22 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------
Last edited by vyosek on 24 Dec 2012 14:58, edited 1 time in total.
Reason: log removed from code

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Shrinking free space on C:

#2 Post by vyosek »

Hello :)

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM CAN GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator or Spustit jako správce
  • Right after it starts, a page with the license agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and after a possible restart, CF displays a log, or you can find it here C:\ComboFix.txt; paste its contents here
  • The detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

McDan
Level 5 - BAN
Posts: 81
Registered: 13 Feb 2009 23:26

Re: Shrinking free space on C:

#3 Post by McDan »

So first I should run RKill, post the log here, and then run ComboFix right after? I'm rather afraid of this, that it might somehow damage my Windows.. :/

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Shrinking free space on C:

#4 Post by vyosek »

Yes, exactly as you write...

CF creates restore points and backups of what it deletes, so it is no problem to restore things if needed :)

McDan
Level 5 - BAN
Posts: 81
Registered: 13 Feb 2009 23:26

Re: Shrinking free space on C:

#5 Post by McDan »

RKill

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/25/2012 02:04:48 AM in x64 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\IoctlSvc.exe (PID: 1832) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\UxTheme.dll [NoSig]
+-> C:\Windows\SysWOW64\uxtheme.dll : 245 760 : 07/14/2009 00:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332 288 : 07/14/2009 00:41 AM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245 760 : 07/14/2009 00:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 activate.adobe.com

Program finished at: 12/25/2012 02:09:13 AM
Execution time: 0 hours(s), 4 minute(s), and 25 seconds(s)

McDan
Level 5 - BAN
Posts: 81
Registered: 13 Feb 2009 23:26

Re: Dwindling free space on C:

#6 Post by McDan »

After CF I have about 3 GB of free space

ComboFix 12-12-23.01 - McDan 25.12.2012 2:16.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4087.3117 [GMT 1:00]
Spuštěný z: c:\users\McDan\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\McDan\AppData\Local\.#
c:\users\McDan\AppData\Local\.#\MBX@11E0@20619C0.###
c:\users\McDan\AppData\Local\.#\MBX@13B8@5D19C0.###
c:\users\McDan\AppData\Local\.#\MBX@1448@1C19C0.###
c:\users\McDan\AppData\Local\.#\MBX@14BC@2F19C0.###
c:\users\McDan\AppData\Local\.#\MBX@1578@1FA19C0.###
c:\users\McDan\AppData\Local\.#\MBX@15E0@2619C0.###
c:\users\McDan\AppData\Local\.#\MBX@1604@3C19C0.###
c:\users\McDan\AppData\Local\.#\MBX@1674@1FD19C0.###
c:\users\McDan\AppData\Local\.#\MBX@1F24@1F119C0.###
c:\users\McDan\AppData\Local\.#\MBX@314@3B19C0.###
c:\users\McDan\AppData\Local\.#\MBX@448@2419C0.###
c:\users\McDan\AppData\Local\.#\MBX@524@20819C0.###
c:\users\McDan\AppData\Local\.#\MBX@A84@1E919C0.###
c:\users\McDan\AppData\Local\.#\MBX@AE0@5819C0.###
c:\users\McDan\AppData\Local\.#\MBX@AEC@1F019C0.###
c:\users\McDan\AppData\Local\.#\MBX@B34@1DF19C0.###
c:\users\McDan\AppData\Local\.#\MBX@C04@2419C0.###
c:\users\McDan\AppData\Local\.#\MBX@D60@2319C0.###
c:\users\McDan\AppData\Local\.#\MBX@DBC@1E319C0.###
c:\users\McDan\AppData\Local\.#\MBX@E00@1FA19C0.###
c:\users\McDan\AppData\Local\.#\MBX@E38@2719C0.###
c:\users\McDan\AppData\Local\.#\MBX@F78@2119C0.###
c:\users\McDan\AppData\Local\.#\MBX@FB0@3E19C0.###
c:\users\McDan\AppData\Roaming\inst.exe
c:\users\McDan\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-25 do 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 01:24 . 2012-12-25 01:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-25 01:24 . 2012-12-25 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-25 01:24 . 2012-12-25 01:24 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-12-24 13:23 . 2012-12-24 13:23 -------- d-----w- c:\program files (x86)\VideoLAN
2012-12-15 17:13 . 2012-12-15 17:13 -------- d-----w- c:\program files\iPod
2012-12-15 17:13 . 2012-12-15 17:13 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 17:13 . 2012-12-15 17:13 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 07:22 . 2012-04-04 13:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 07:22 . 2011-07-15 18:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-22 13:32 . 2012-10-22 13:32 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-10-22 13:32 . 2012-10-22 13:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-10-22 13:32 . 2012-10-22 13:32 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-10-22 13:32 . 2012-10-22 13:32 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-10-22 13:32 . 2012-10-22 13:32 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-10-22 13:32 . 2012-10-22 13:32 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-10-22 13:32 . 2012-10-22 13:32 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-10-22 13:32 . 2012-10-22 13:32 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-10-22 13:32 . 2012-10-22 13:32 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-10-22 13:32 . 2012-10-22 13:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-10-22 13:32 . 2012-10-22 13:32 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-22 13:32 . 2012-10-22 13:32 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-22 13:32 . 2012-10-22 13:32 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-22 13:32 . 2012-10-22 13:32 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-22 13:32 . 2012-10-22 13:32 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-10-22 13:32 . 2012-10-22 13:32 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-22 13:32 . 2012-10-22 13:32 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-22 13:31 . 2012-10-22 13:31 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-22 13:31 . 2012-10-22 13:31 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-10-22 13:31 . 2012-10-22 13:31 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-10-22 13:31 . 2012-10-22 13:31 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-10-22 13:28 . 2012-10-22 13:28 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-10-22 13:28 . 2012-10-22 13:28 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-10-22 13:28 . 2012-10-22 13:28 14164480 ----a-w- c:\windows\system32\shell32.dll
2012-10-22 13:28 . 2012-10-22 13:28 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-10-22 13:28 . 2012-10-22 13:28 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-10-22 13:28 . 2012-10-22 13:28 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-10-22 13:27 . 2012-10-22 13:27 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-10-22 13:27 . 2012-10-22 13:27 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-10-22 13:27 . 2012-10-22 13:27 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-10-22 13:27 . 2012-10-22 13:27 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-10-22 13:27 . 2012-10-22 13:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-22 13:27 . 2012-10-22 13:27 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-10-22 13:27 . 2012-10-22 13:27 395776 ----a-w- c:\windows\system32\webio.dll
2012-10-22 13:27 . 2012-10-22 13:27 31232 ----a-w- c:\windows\system32\lsass.exe
2012-10-22 13:27 . 2012-10-22 13:27 28672 ----a-w- c:\windows\system32\sspisrv.dll
2012-10-22 13:27 . 2012-10-22 13:27 28160 ----a-w- c:\windows\system32\secur32.dll
2012-10-22 13:27 . 2012-10-22 13:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-22 13:27 . 2012-10-22 13:27 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-22 13:27 . 2012-10-22 13:27 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-10-22 13:27 . 2012-10-22 13:27 460296 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-22 13:27 . 2012-10-22 13:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-22 13:27 . 2012-10-22 13:27 314368 ----a-w- c:\windows\SysWow64\webio.dll
2012-10-22 13:27 . 2012-10-22 13:27 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-22 13:27 . 2012-10-22 13:27 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-22 13:26 . 2012-10-22 13:26 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-22 13:26 . 2012-10-22 13:26 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-22 13:26 . 2012-10-22 13:26 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-10-22 13:26 . 2012-10-22 13:26 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-10-22 13:26 . 2012-10-22 13:26 77312 ----a-w- c:\windows\system32\packager.dll
2012-10-22 13:26 . 2012-10-22 13:26 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-10-22 13:24 . 2012-10-22 13:24 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-10-22 13:24 . 2012-10-22 13:24 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-10-22 13:24 . 2012-10-22 13:24 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-10-22 13:23 . 2012-10-22 13:23 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-10-22 13:23 . 2012-10-22 13:23 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-10-22 13:23 . 2012-10-22 13:23 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-10-22 13:23 . 2012-10-22 13:23 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-10-22 13:23 . 2012-10-22 13:23 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-10-22 13:23 . 2012-10-22 13:23 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-10-22 13:23 . 2012-10-22 13:23 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-10-22 13:23 . 2012-10-22 13:23 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2012-10-22 13:23 . 2012-10-22 13:23 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-10-22 13:23 . 2012-10-22 13:23 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-10-22 13:23 . 2012-10-22 13:23 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-10-22 13:23 . 2012-10-22 13:23 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-10-22 13:23 . 2012-10-22 13:23 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-10-22 13:23 . 2012-10-22 13:23 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-10-22 13:18 . 2012-10-22 13:18 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-10-22 13:18 . 2012-10-22 13:18 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2012-10-22 13:18 . 2012-10-22 13:18 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2012-10-22 13:18 . 2012-10-22 13:18 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2012-10-22 13:18 . 2012-10-22 13:18 212992 ----a-w- c:\windows\system32\odbctrac.dll
2012-10-22 13:18 . 2012-10-22 13:18 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2012-10-22 13:18 . 2012-10-22 13:18 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-10-22 13:18 . 2012-10-22 13:18 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2012-10-22 13:18 . 2012-10-22 13:18 106496 ----a-w- c:\windows\system32\odbccu32.dll
2012-10-22 13:18 . 2012-10-22 13:18 106496 ----a-w- c:\windows\system32\odbccr32.dll
2012-10-22 13:18 . 2012-10-22 13:18 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-10-22 13:18 . 2012-10-22 13:18 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-10-22 13:18 . 2012-10-22 13:18 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-22 13:18 . 2012-10-22 13:18 422400 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rpcproc.exe"="c:\users\McDan\AppData\Roaming\Microsoft\Media Player\update\rpcproc.exe" [2010-05-07 43998]
"RGSC"="d:\games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2010-01-16 306088]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\McDan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\ObjectDock\ObjectDock.exe [2010-5-25 3450608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-25 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Acrobat Speed Launcher"="d:\games\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"ISUSScheduler"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="d:\games\Acrobat 9.0\Acrobat\Acrotray.exe"
"TrueImageMonitor.exe"=c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"LWS"=c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"iTunesHelper"="e:\itunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 cpuz130;cpuz130;c:\users\McDan\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-16 1038088]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-04-06 50688]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-04-06 50688]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-22 1255736]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 22568]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-25 834544]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2009-12-25 1477728]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 132464]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/26 16:02];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-07 20:05 146928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2009-12-25 2480048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-02-06 727720]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 44944]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 5009920]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-11-17 1353544]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-12-25 251488]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:22]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:26]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:26]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001Core.job
- c:\users\McDan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-09 14:09]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001UA.job
- c:\users\McDan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-09 14:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1777664]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 709120]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2680696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Using &BitSpirit - d:\bitspirit\bsurl.htm
IE: Download With Album Copier - c:\program files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - e:\bitspirit\bsurl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\McDan\AppData\Roaming\Mozilla\Firefox\Profiles\ak3n1q6b.default\
FF - prefs.js: browser.startup.homepage - www.google.cz/ig
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - prefs.js: network.proxy.http - 95.211.9.173
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-31 16:29; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1124315649-2559559486-122110515-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C016872E-1413-7A93-3234-CDBB447676E3}*]
"hajhfehmhoighgpc"=hex:63,62,67,61,63,62,6d,70,6c,65,65,6f,64,6f,6a,6b,6f,61,
63,6c,64,6c,65,63,6a,6b,70,70,68,6c,6e,70,64,64,65,6e,65,65,00,00
"iadhpffaopocgehbef"=hex:63,62,67,61,63,62,6d,70,6c,65,65,6f,64,6f,6a,6b,6f,61,
65,6c,6f,63,66,6d,70,66,64,64,6f,61,62,63,6c,62,61,70,6c,65,00,00
.
[HKEY_USERS\S-1-5-21-1124315649-2559559486-122110515-1001\Software\SecuROM\License information*]
"datasecu"=hex:0a,12,58,be,22,79,30,59,2a,77,eb,4d,65,4f,03,cc,3b,37,0c,69,99,
4d,8e,da,3c,e8,2e,44,68,4f,a3,e6,88,ec,f9,51,e3,e6,80,7d,a4,83,51,1f,7f,78,\
"rkeysecu"=hex:f9,1e,63,64,27,fc,d2,40,51,7f,84,b7,88,44,37,db
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Celkový čas: 2012-12-25 02:35:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-25 01:35
ComboFix2.txt 2011-03-19 18:17
ComboFix3.txt 2011-03-19 13:48
.
Před spuštěním: 659 566 592
Po spuštění: 3 111 391 232
.
- - End Of File - - B1DD1CF3AE987C20F09DEBCC821AC77D

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Disappearing free space on C:

#7 Post by vyosek »

:arrow: Uninstall Advanced SystemCare and then everything else from IOBit - it is Chinese junk that does more harm than good. They look for nonsensical and nonexistent problems, and they stole their malware database from another reputable company

:arrow: If it isn't there already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Restore::
    C:\Windows\System32\UxTheme.dll
    
    Collect::
    C:\Users\McDan\AppData\Roaming\Microsoft\Media Player\update\rpcproc.exe
    
    File::
    C:\Windows\tasks\Adobe Flash Player Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001UA.job
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "rpcproc.exe"=-
    "RGSC"=-
    "ISUSPM Startup"=-
    "Infium"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^McDan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    "BCU"=-
    "BDRegion"=-
    "SwitchBoard"=-
    "Adobe ARM"=-
    "QuickTime Task"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
    
    Firefox::
    FF - ProfilePath - c:\users\McDan\AppData\Roaming\Mozilla\Firefox\Profiles\ak3n1q6b.default\
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.4&q=
    FF - prefs.js: network.proxy.http - 95.211.9.173
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.type - 0
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1124315649-2559559486-122110515-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C016872E-1413-7A93-3234-CDBB447676E3}*]
    [HKEY_USERS\S-1-5-21-1124315649-2559559486-122110515-1001\Software\SecuROM\License information*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto Combofix and release it (see the image below)
    [image]
  • After the script has been applied (and after a restart, if there is one), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, which its author unfortunately cannot fix yet

:arrow: It can happen that Windows will not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

McDan
Level 5 - BAN
Posts: 81
Registered: 13 Feb 2009 23:26

Re: Disappearing free space on C:

#8 Post by McDan »

Done, and now I've actually lost a bit more space :DD

ComboFix 12-12-23.01 - McDan 25.12.2012 12:19:46.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4087.2966 [GMT 1:00]
Spuštěný z: c:\users\McDan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\McDan\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001UA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\McDan\AppData\Roaming\Microsoft\Media Player\update\rpcproc.exe
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1124315649-2559559486-122110515-1001UA.job
.
Nakažená kopie c:\windows\System32\UxTheme.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-25 do 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 11:25 . 2012-12-25 11:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-25 11:25 . 2012-12-25 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-25 11:25 . 2012-12-25 11:25 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-12-24 13:23 . 2012-12-24 13:23 -------- d-----w- c:\program files (x86)\VideoLAN
2012-12-15 17:13 . 2012-12-15 17:13 -------- d-----w- c:\program files\iPod
2012-12-15 17:13 . 2012-12-15 17:13 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 17:13 . 2012-12-15 17:13 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 07:22 . 2012-04-04 13:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 07:22 . 2011-07-15 18:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-22 13:32 . 2012-10-22 13:32 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-10-22 13:32 . 2012-10-22 13:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-10-22 13:32 . 2012-10-22 13:32 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-10-22 13:32 . 2012-10-22 13:32 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-10-22 13:32 . 2012-10-22 13:32 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-10-22 13:32 . 2012-10-22 13:32 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-10-22 13:32 . 2012-10-22 13:32 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-10-22 13:32 . 2012-10-22 13:32 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-10-22 13:32 . 2012-10-22 13:32 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-10-22 13:32 . 2012-10-22 13:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-10-22 13:32 . 2012-10-22 13:32 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-22 13:32 . 2012-10-22 13:32 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-22 13:32 . 2012-10-22 13:32 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-22 13:32 . 2012-10-22 13:32 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-22 13:32 . 2012-10-22 13:32 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-10-22 13:32 . 2012-10-22 13:32 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-22 13:32 . 2012-10-22 13:32 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-22 13:31 . 2012-10-22 13:31 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-22 13:31 . 2012-10-22 13:31 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-10-22 13:31 . 2012-10-22 13:31 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-10-22 13:31 . 2012-10-22 13:31 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-10-22 13:28 . 2012-10-22 13:28 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-10-22 13:28 . 2012-10-22 13:28 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-10-22 13:28 . 2012-10-22 13:28 14164480 ----a-w- c:\windows\system32\shell32.dll
2012-10-22 13:28 . 2012-10-22 13:28 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-10-22 13:28 . 2012-10-22 13:28 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-10-22 13:28 . 2012-10-22 13:28 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-10-22 13:27 . 2012-10-22 13:27 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-10-22 13:27 . 2012-10-22 13:27 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-10-22 13:27 . 2012-10-22 13:27 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-10-22 13:27 . 2012-10-22 13:27 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-10-22 13:27 . 2012-10-22 13:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-22 13:27 . 2012-10-22 13:27 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-10-22 13:27 . 2012-10-22 13:27 395776 ----a-w- c:\windows\system32\webio.dll
2012-10-22 13:27 . 2012-10-22 13:27 31232 ----a-w- c:\windows\system32\lsass.exe
2012-10-22 13:27 . 2012-10-22 13:27 28672 ----a-w- c:\windows\system32\sspisrv.dll
2012-10-22 13:27 . 2012-10-22 13:27 28160 ----a-w- c:\windows\system32\secur32.dll
2012-10-22 13:27 . 2012-10-22 13:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-22 13:27 . 2012-10-22 13:27 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-22 13:27 . 2012-10-22 13:27 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-10-22 13:27 . 2012-10-22 13:27 460296 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-22 13:27 . 2012-10-22 13:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-22 13:27 . 2012-10-22 13:27 314368 ----a-w- c:\windows\SysWow64\webio.dll
2012-10-22 13:27 . 2012-10-22 13:27 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-22 13:27 . 2012-10-22 13:27 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-22 13:26 . 2012-10-22 13:26 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-22 13:26 . 2012-10-22 13:26 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-22 13:26 . 2012-10-22 13:26 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-10-22 13:26 . 2012-10-22 13:26 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-10-22 13:26 . 2012-10-22 13:26 77312 ----a-w- c:\windows\system32\packager.dll
2012-10-22 13:26 . 2012-10-22 13:26 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-10-22 13:24 . 2012-10-22 13:24 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-10-22 13:24 . 2012-10-22 13:24 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-10-22 13:24 . 2012-10-22 13:24 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-10-22 13:23 . 2012-10-22 13:23 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-10-22 13:23 . 2012-10-22 13:23 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-10-22 13:23 . 2012-10-22 13:23 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-10-22 13:23 . 2012-10-22 13:23 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-10-22 13:23 . 2012-10-22 13:23 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-10-22 13:23 . 2012-10-22 13:23 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-10-22 13:23 . 2012-10-22 13:23 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-10-22 13:23 . 2012-10-22 13:23 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2012-10-22 13:23 . 2012-10-22 13:23 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-10-22 13:23 . 2012-10-22 13:23 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-10-22 13:23 . 2012-10-22 13:23 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-10-22 13:23 . 2012-10-22 13:23 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-10-22 13:23 . 2012-10-22 13:23 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-10-22 13:23 . 2012-10-22 13:23 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-10-22 13:18 . 2012-10-22 13:18 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-10-22 13:18 . 2012-10-22 13:18 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2012-10-22 13:18 . 2012-10-22 13:18 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2012-10-22 13:18 . 2012-10-22 13:18 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2012-10-22 13:18 . 2012-10-22 13:18 212992 ----a-w- c:\windows\system32\odbctrac.dll
2012-10-22 13:18 . 2012-10-22 13:18 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2012-10-22 13:18 . 2012-10-22 13:18 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-10-22 13:18 . 2012-10-22 13:18 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2012-10-22 13:18 . 2012-10-22 13:18 106496 ----a-w- c:\windows\system32\odbccu32.dll
2012-10-22 13:18 . 2012-10-22 13:18 106496 ----a-w- c:\windows\system32\odbccr32.dll
2012-10-22 13:18 . 2012-10-22 13:18 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-10-22 13:18 . 2012-10-22 13:18 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-10-22 13:18 . 2012-10-22 13:18 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-22 13:18 . 2012-10-22 13:18 422400 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-22 13:18 . 2012-10-22 13:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
.
c:\users\McDan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\ObjectDock\ObjectDock.exe [2010-5-25 3450608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-25 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Acrobat Speed Launcher"="d:\games\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"ISUSScheduler"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="d:\games\Acrobat 9.0\Acrobat\Acrotray.exe"
"TrueImageMonitor.exe"=c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"LWS"=c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"iTunesHelper"="e:\itunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 cpuz130;cpuz130;c:\users\McDan\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-16 1038088]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-04-06 50688]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-04-06 50688]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-22 1255736]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 22568]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-25 834544]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2009-12-25 1477728]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 132464]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/26 16:02];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-07 20:05 146928]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2009-12-25 2480048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-02-06 727720]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 44944]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 5009920]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-11-17 1353544]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-12-25 251488]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1777664]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 709120]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2680696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Using &BitSpirit - d:\bitspirit\bsurl.htm
IE: Download With Album Copier - c:\program files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - e:\bitspirit\bsurl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\McDan\AppData\Roaming\Mozilla\Firefox\Profiles\ak3n1q6b.default\
FF - prefs.js: browser.startup.homepage - www.google.cz/ig
FF - ExtSQL: 2012-10-31 16:29; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Celkový čas: 2012-12-25 12:32:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-25 11:32
ComboFix2.txt 2012-12-25 01:35
ComboFix3.txt 2011-03-19 18:17
ComboFix4.txt 2011-03-19 13:48
.
Před spuštěním: 2 808 610 816
Po spuštění: 2 745 999 360
.
- - End Of File - - D3C6DC1F7700AAA719BEB3E2D757FAB3
Nahrání proběhlo úspěšně

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Disappearing free space on C:

#9 Post by vyosek »

:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, ideally to the Desktop, and unpack it
  • Run it by clicking mbar
  • Now click Next and then Update
  • When the database update has finished, click Next again
  • Leave all three options ticked and click Scan, which starts the scan of the PC
  • When the scan has finished (about 5 minutes), check that every detection (if there are any, of course) is ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the detected infection
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here for me
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for it to be assessed

McDan
5. stupeň - BAN
Příspěvky: 81
Registrován: 13 úno 2009 23:26

Re: Ubývající místo na C:

#10 Příspěvek od McDan »

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.25.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
McDan :: PRIVATE [administrator]

25.12.2012 14:00:08
mbar-log-2012-12-25 (14-00-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 11626
Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\McDan\Desktop\core.exe (Trojan.Agent.CK) -> Delete on reboot.

(end)


____________________________________________________
Second log after powering on the PC

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.664000 GHz
Memory total: 4285980672, free: 2298253312

------------ Kernel report ------------
12/25/2012 13:48:36
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800485a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP6T0L0-7\
Lower Device Object: 0xfffffa80045e2060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004859060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80045c4060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2012.12.25.06
Initializing...
Done!
<<<2>>>
Device number: 1, partition: 2
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800485a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004705900, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa8004704950, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8004705b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004703a80, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa800485a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80043df690, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80045e2060, DeviceName: \Device\Ide\IdeDeviceP6T0L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a003dac910, 0xfffffa800485a060, 0xfffffa8003f19790
Lower DeviceData: 0xfffff8a003b984b0, 0xfffffa80045e2060, 0xfffffa8003fc9820
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004859060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80046fc9c0, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa80046fa950, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80046fbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004859d60, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa8004859060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80045c4060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a013448980, 0xfffffa8004859060, 0xfffffa8006217660
Lower DeviceData: 0xfffff8a01099b650, 0xfffffa80045c4060, 0xfffffa8006bc2e40
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: CF102

GPT Protective MBR Partition information:

Partition 0 type is Other (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GptHeader Signature 4546492050415254
GptHeader Revision 65536 Size 92 CRC 1504890585
GptHeader CurrentLba = 1 BackupLba 3907029167
GptHeader FirstUsableLba 34 LastUsableLba 3907029134
GptHeader Guid 4c95bfe3-ab3b-4e24-b78f-535e295c8d2b
GptHeader 128 Partitions starting at LBA 2
GptHeader Partition entry size = 128

Backup GptHeader Signature 4546492050415254
Backup GptHeader Revision 65536 Size 92 CRC 1504890585
Backup GptHeader CurrentLba = 3907029167 BackupLba 1
Backup GptHeader FirstUsableLba 34 LastUsableLba 3907029134
Backup GptHeader Guid 4c95bfe3-ab3b-4e24-b78f-535e295c8d2b
Backup GptHeader 128 Partitions starting at LBA 3907029135
Backup GptHeader Partition entry size = 128
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 34d2f857-ce74-4c2a-8a94-7ffc654d75
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition

Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 1224b031-ccb6-4d3d-8ad8-c8b33541ef97
FirstLBA 264192 Last LBA 3907028991
Attributes 0
Partition Name Basic data partition

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A68406F7

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 104665088

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 104872320 Numsec = 1848647745

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\instance.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\instance.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\instance.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.dat" is compressed (flags = 1)
Infected: C:\Users\McDan\Desktop\core.exe --> [Trojan.Agent.CK]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 1, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.664000 GHz
Memory total: 4285980672, free: 3135635456

McDan
Level 5 - BAN
Posts: 81
Joined: 13 Feb 2009 23:26

Re: Shrinking free space on C:

#11 Post by McDan »

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.25.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
McDan :: PRIVATE [administrátor]

25.12.2012 14:09:44
mbam-log-2012-12-25 (14-09-44).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 224075
Uplynulý čas: 3 minut, 23 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Shrinking free space on C:

#12 Post by vyosek »

That is a quick scan; I wanted a full (complete) one, so please run it.

McDan
Level 5 - BAN
Posts: 81
Joined: 13 Feb 2009 23:26

Re: Shrinking free space on C:

#13 Post by McDan »

I have a 2 TB HDD, you can't ask that of me :D so I'll only do C:, which has 50 GB just for the system

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Shrinking free space on C:

#14 Post by vyosek »

Yep, that will do, a complete scan of the system disk :)

McDan
Level 5 - BAN
Posts: 81
Joined: 13 Feb 2009 23:26

Re: Shrinking free space on C:

#15 Post by McDan »

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.25.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
McDan :: PRIVATE [administrátor]

25.12.2012 20:43:13
mbam-log-2012-12-25 (21-41-11).txt

Typ: Úplná kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 403360
Uplynulý čas: 57 minut, 7 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Program Files (x86)\TNod User & Password Finder\uninst-tnod.exe (Trojan.Agent.CK) -> Žádná instrukce nebyla provedena.

(konec)


But that's not a virus :D it's probably reporting it wrongly :D

Locked