Pop-up window

Dejv.{cz}
Visitor
Posts: 10
Registered: 11 Jul 2007 18:41

#1 Post by Dejv.{cz} »

After the PC is switched on, Firefox starts automatically and this page opens:

file:///C:/Users/David/AppData/Local/Microsoft/Windows/Temporary%20Internet%20Files/web.html

LOG:

Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2013-11-11 22:51:50
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 56 GB (19%) free of 300 GB
Total RAM: 8140 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:02, on 11.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: alga.exe
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Microsoft Ms (Service1) - Unknown owner - C:\Windows\syswow64\service.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9339 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-44c2e870-3513-4bff-8639-3c01a83df2e3 -SystemEventPortName:HostProcess-c4a3f8da-73ae-4ad7-ab3d-87b975fe05f6 -IoCancelEventPortName:HostProcess-ee9899f7-27fb-4452-a5ef-2338a158f5f7 -NonStateChangingEventPortName:HostProcess-cebfd24a-b533-496b-951a-00eaa2ab51f0 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8b3c607f-369f-443a-a759-69929b513ca1
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 24712352
\??\C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Windows\syswow64\service.exe"
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe" /TUStart /pid:2232
KHALMNPR.EXE /API
WLIDSvcM.exe 1848
taskeng.exe {555C4C38-9CB4-4BDE-8CF9-7BC8C6EEE038}
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
taskeng.exe {1EF17568-867C-41DC-961F-B1646896631F}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Users\David\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cec9984b4e0a84.job

=========Mozilla firefox=========

ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\0p0tx5t3.default

prefs.js - "browser.startup.homepage" - "https://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-08-17 439832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31 433944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-08-17 393752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31 364824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-09 2799912]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-01-03 1425408]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 6330568]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-03-22 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-03-22 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-03-22 442352]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2013-07-31 3091224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2013-08-18 3665488]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [2012-03-19 380416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-10-30 1820584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips SA4RGA Device Manager.lnk]
C:\PROGRA~2\Philips\GOGEAR~1\GOGEAR~1.EXE -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-04-14 113288]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-05-20 284440]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-11-07 766208]

C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
alga.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-03-08 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-11-11 22:51:50 ----D---- C:\rsit
2013-11-11 22:51:50 ----D---- C:\Program Files\trend micro
2013-11-11 20:11:55 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2013-11-11 20:11:55 ----A---- C:\Windows\system32\uxtuneup.dll
2013-11-11 20:10:50 ----A---- C:\Windows\system32\TURegOpt.exe
2013-11-11 20:10:50 ----A---- C:\Windows\system32\authuitu.dll
2013-11-11 20:10:49 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2013-11-11 20:10:39 ----D---- C:\Users\David\AppData\Roaming\TuneUp Software
2013-11-11 20:10:21 ----D---- C:\Program Files (x86)\TuneUp Utilities 2014
2013-11-11 20:09:52 ----D---- C:\ProgramData\TuneUp Software
2013-11-11 20:09:13 ----SHD---- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-11 20:09:13 ----HD---- C:\ProgramData\Common Files
2013-11-08 19:55:06 ----D---- C:\ProgramData\ATI
2013-11-08 19:46:50 ----D---- C:\Program Files (x86)\AMD AVT
2013-11-08 18:30:36 ----A---- C:\Windows\system32\ff_vfw.dll
2013-11-08 18:30:30 ----A---- C:\Windows\SYSWOW64\lagarith.dll
2013-11-08 18:30:30 ----A---- C:\Windows\system32\x264vfw64.dll
2013-11-08 18:30:30 ----A---- C:\Windows\system32\lagarith.dll
2013-11-08 18:30:29 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2013-11-08 18:30:29 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2013-11-08 18:30:29 ----A---- C:\Windows\SYSWOW64\x264vfw.dll
2013-11-08 18:30:29 ----A---- C:\Windows\system32\xvidvfw.dll
2013-11-08 18:30:29 ----A---- C:\Windows\system32\xvidcore.dll
2013-11-08 18:30:24 ----A---- C:\Windows\system32\unrar64.dll
2013-11-08 18:30:21 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2013-11-08 18:30:16 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2013-11-07 18:39:42 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2013-11-07 18:39:42 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2013-11-07 18:39:42 ----A---- C:\Windows\system32\atimpc64.dll
2013-11-07 18:39:42 ----A---- C:\Windows\system32\amdpcom64.dll
2013-11-07 18:39:36 ----A---- C:\Windows\system32\atiuxp64.dll
2013-11-07 18:39:34 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2013-11-07 18:39:34 ----A---- C:\Windows\system32\atiu9p64.dll
2013-11-07 18:39:32 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2013-11-07 18:39:30 ----A---- C:\Windows\system32\aticfx64.dll
2013-11-07 18:39:28 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2013-11-07 18:39:24 ----A---- C:\Windows\system32\atidxx64.dll
2013-11-07 18:39:20 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2013-11-07 18:39:14 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2013-11-07 18:39:10 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2013-11-07 18:39:04 ----A---- C:\Windows\system32\atiumd6a.dll
2013-11-07 18:39:00 ----A---- C:\Windows\system32\atiumd64.dll
2013-11-07 18:24:40 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2013-11-07 18:11:10 ----A---- C:\Windows\system32\clinfo.exe
2013-11-07 18:10:54 ----A---- C:\Windows\system32\OpenVideo64.dll
2013-11-07 18:10:46 ----A---- C:\Windows\SYSWOW64\OpenVideo.dll
2013-11-07 18:10:40 ----A---- C:\Windows\system32\OVDecode64.dll
2013-11-07 18:10:36 ----A---- C:\Windows\SYSWOW64\OVDecode.dll
2013-11-07 18:10:16 ----A---- C:\Windows\system32\amdocl64.dll
2013-11-07 18:07:38 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2013-11-07 18:05:28 ----A---- C:\Windows\system32\OpenCL.dll
2013-11-07 18:05:24 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2013-11-07 18:02:44 ----A---- C:\Windows\system32\coinst_13.25.18.dll
2013-11-07 17:44:16 ----A---- C:\Windows\system32\atio6axx.dll
2013-11-07 17:40:44 ----A---- C:\Windows\system32\atiapfxx.exe
2013-11-07 17:40:36 ----A---- C:\Windows\system32\aticalrt64.dll
2013-11-07 17:40:34 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2013-11-07 17:40:26 ----A---- C:\Windows\system32\aticalcl64.dll
2013-11-07 17:40:24 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2013-11-07 17:40:10 ----A---- C:\Windows\system32\aticaldd64.dll
2013-11-07 17:37:00 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2013-11-07 17:26:20 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2013-11-07 17:21:10 ----A---- C:\Windows\system32\atidemgy.dll
2013-11-07 17:21:00 ----A---- C:\Windows\system32\atimuixx.dll
2013-11-07 17:20:52 ----A---- C:\Windows\system32\atieclxx.exe
2013-11-07 17:20:02 ----A---- C:\Windows\system32\atiesrxx.exe
2013-11-07 17:18:34 ----A---- C:\Windows\system32\atitmm64.dll
2013-11-07 16:50:48 ----A---- C:\Windows\system32\atiadlxx.dll
2013-11-07 16:50:36 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2013-11-07 16:50:20 ----A---- C:\Windows\system32\atig6pxx.dll
2013-11-07 16:50:16 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2013-11-07 16:50:16 ----A---- C:\Windows\system32\atiglpxx.dll
2013-11-07 16:50:12 ----A---- C:\Windows\system32\atig6txx.dll
2013-11-07 16:50:04 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2013-11-07 16:49:54 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2013-11-07 16:46:26 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2013-11-07 12:21:24 ----A---- C:\Windows\system32\kdbsdk64.dll
2013-11-07 12:16:38 ----A---- C:\Windows\SYSWOW64\kdbsdk32.dll
2013-11-06 17:27:50 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-11-03 19:29:43 ----D---- C:\Program Files (x86)\Driver-Soft
2013-11-03 19:29:19 ----A---- C:\ProgramData\patch.dll
2013-11-03 19:28:50 ----D---- C:\Users\David\AppData\Roaming\Driver Genius Professional 12.0.0.1306 Final
2013-10-31 21:38:43 ----D---- C:\Users\David\AppData\Roaming\Rovio
2013-10-31 21:36:35 ----D---- C:\Users\David\AppData\Roaming\Rovio Entertainment Ltd
2013-10-30 21:45:53 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-10-30 21:45:47 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2013-10-30 21:11:15 ----D---- C:\Users\David\AppData\Roaming\Raptr
2013-10-30 21:11:15 ----D---- C:\Program Files (x86)\Raptr
2013-10-30 20:13:04 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2013-10-30 20:13:04 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-10-30 20:13:03 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2013-10-30 20:13:03 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2013-10-30 20:13:03 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-10-30 20:13:03 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-10-30 20:13:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2013-10-30 20:13:02 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-10-30 20:13:01 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2013-10-30 20:13:01 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2013-10-30 20:13:01 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-10-30 20:13:01 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-10-30 20:13:00 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2013-10-30 20:13:00 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-10-30 20:12:59 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2013-10-30 20:12:59 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-10-30 20:12:58 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2013-10-30 20:12:58 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2013-10-30 20:12:58 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2013-10-30 20:12:58 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2013-10-30 20:12:58 ----A---- C:\Windows\system32\XAudio2_6.dll
2013-10-30 20:12:58 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2013-10-30 20:12:58 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-10-30 20:12:58 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-10-30 20:12:57 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2013-10-30 20:12:57 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2013-10-30 20:12:57 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-10-30 20:12:57 ----A---- C:\Windows\system32\xactengine3_5.dll
2013-10-30 20:12:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2013-10-30 20:12:56 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2013-10-30 20:12:54 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2013-10-30 20:12:54 ----A---- C:\Windows\system32\d3dcsx_42.dll
2013-10-30 20:12:53 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2013-10-30 20:12:53 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2013-10-30 20:12:53 ----A---- C:\Windows\system32\d3dx11_42.dll
2013-10-30 20:12:53 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-10-30 20:12:52 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2013-10-30 20:12:52 ----A---- C:\Windows\system32\D3DX9_42.dll
2013-10-30 20:12:50 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2013-10-30 20:12:50 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2013-10-30 20:12:49 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2013-10-30 20:12:49 ----A---- C:\Windows\system32\d3dx10_41.dll
2013-10-30 20:12:48 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2013-10-30 20:12:48 ----A---- C:\Windows\system32\D3DX9_41.dll
2013-10-30 20:12:47 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2013-10-30 20:12:47 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2013-10-30 20:12:47 ----A---- C:\Windows\system32\XAudio2_4.dll
2013-10-30 20:12:47 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-10-30 20:12:46 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2013-10-30 20:12:46 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2013-10-30 20:12:46 ----A---- C:\Windows\system32\xactengine3_4.dll
2013-10-30 20:12:46 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2013-10-30 20:12:44 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2013-10-30 20:12:44 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2013-10-30 20:12:44 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-10-30 20:12:44 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-10-30 20:12:42 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2013-10-30 20:12:42 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-10-30 20:12:41 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2013-10-30 20:12:41 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2013-10-30 20:12:41 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2013-10-30 20:12:41 ----A---- C:\Windows\system32\XAudio2_3.dll
2013-10-30 20:12:41 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2013-10-30 20:12:41 ----A---- C:\Windows\system32\xactengine3_3.dll
2013-10-30 20:12:40 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2013-10-30 20:12:40 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2013-10-30 20:12:39 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2013-10-30 20:12:39 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2013-10-30 20:12:39 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2013-10-30 20:12:39 ----A---- C:\Windows\system32\XAudio2_2.dll
2013-10-30 20:12:39 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2013-10-30 20:12:39 ----A---- C:\Windows\system32\xactengine3_2.dll
2013-10-30 20:12:38 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2013-10-30 20:12:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2013-10-30 20:12:38 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-10-30 20:12:38 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-10-30 20:12:36 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2013-10-30 20:12:36 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-10-30 20:12:35 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2013-10-30 20:12:35 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2013-10-30 20:12:35 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2013-10-30 20:12:35 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2013-10-30 20:12:35 ----A---- C:\Windows\system32\XAudio2_1.dll
2013-10-30 20:12:35 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2013-10-30 20:12:35 ----A---- C:\Windows\system32\xactengine3_1.dll
2013-10-30 20:12:35 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2013-10-30 20:12:33 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2013-10-30 20:12:33 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2013-10-30 20:12:33 ----A---- C:\Windows\system32\d3dx10_38.dll
2013-10-30 20:12:33 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2013-10-30 20:12:31 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2013-10-30 20:12:31 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2013-10-30 20:12:31 ----A---- C:\Windows\system32\XAudio2_0.dll
2013-10-30 20:12:31 ----A---- C:\Windows\system32\D3DX9_38.dll
2013-10-30 20:12:30 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2013-10-30 20:12:30 ----A---- C:\Windows\system32\xactengine3_0.dll
2013-10-30 20:12:29 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2013-10-30 20:12:29 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2013-10-30 20:12:28 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2013-10-30 20:12:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2013-10-30 20:12:28 ----A---- C:\Windows\system32\d3dx10_37.dll
2013-10-30 20:12:28 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2013-10-30 20:12:26 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2013-10-30 20:12:26 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2013-10-30 20:12:26 ----A---- C:\Windows\system32\xactengine2_10.dll
2013-10-30 20:12:26 ----A---- C:\Windows\system32\D3DX9_37.dll
2013-10-30 20:12:24 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2013-10-30 20:12:24 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2013-10-30 20:12:24 ----A---- C:\Windows\system32\d3dx10_36.dll
2013-10-30 20:12:24 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2013-10-30 20:12:22 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2013-10-30 20:12:22 ----A---- C:\Windows\system32\d3dx9_36.dll
2013-10-30 20:12:21 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2013-10-30 20:12:21 ----A---- C:\Windows\system32\xactengine2_9.dll
2013-10-30 20:12:20 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2013-10-30 20:12:20 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2013-10-30 20:12:20 ----A---- C:\Windows\system32\d3dx10_35.dll
2013-10-30 20:12:20 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2013-10-30 20:12:18 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2013-10-30 20:12:18 ----A---- C:\Windows\system32\d3dx9_35.dll
2013-10-30 20:12:16 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2013-10-30 20:12:16 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2013-10-30 20:12:16 ----A---- C:\Windows\system32\xactengine2_8.dll
2013-10-30 20:12:16 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2013-10-30 20:12:14 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2013-10-30 20:12:14 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2013-10-30 20:12:14 ----A---- C:\Windows\system32\d3dx10_34.dll
2013-10-30 20:12:14 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2013-10-30 20:12:12 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2013-10-30 20:12:12 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2013-10-30 20:12:12 ----A---- C:\Windows\system32\xinput1_3.dll
2013-10-30 20:12:12 ----A---- C:\Windows\system32\d3dx9_34.dll
2013-10-30 20:12:11 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2013-10-30 20:12:11 ----A---- C:\Windows\system32\xactengine2_7.dll
2013-10-30 20:12:10 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2013-10-30 20:12:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2013-10-30 20:12:10 ----A---- C:\Windows\system32\d3dx10_33.dll
2013-10-30 20:12:10 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2013-10-30 20:12:08 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2013-10-30 20:12:08 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-10-30 20:12:07 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2013-10-30 20:12:07 ----A---- C:\Windows\system32\xactengine2_6.dll
2013-10-30 20:12:06 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2013-10-30 20:12:06 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2013-10-30 20:12:06 ----A---- C:\Windows\system32\xactengine2_5.dll
2013-10-30 20:12:06 ----A---- C:\Windows\system32\d3dx10.dll
2013-10-30 20:12:04 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2013-10-30 20:12:04 ----A---- C:\Windows\system32\d3dx9_32.dll
2013-10-30 20:12:03 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2013-10-30 20:12:03 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2013-10-30 20:12:03 ----A---- C:\Windows\system32\xactengine2_4.dll
2013-10-30 20:12:03 ----A---- C:\Windows\system32\x3daudio1_1.dll
2013-10-30 20:12:02 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2013-10-30 20:12:02 ----A---- C:\Windows\system32\d3dx9_31.dll
2013-10-30 20:12:01 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2013-10-30 20:12:01 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2013-10-30 20:12:01 ----A---- C:\Windows\system32\xinput1_2.dll
2013-10-30 20:12:01 ----A---- C:\Windows\system32\xactengine2_3.dll
2013-10-30 20:12:00 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2013-10-30 20:12:00 ----A---- C:\Windows\system32\xactengine2_2.dll
2013-10-30 20:11:59 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2013-10-30 20:11:59 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2013-10-30 20:11:59 ----A---- C:\Windows\system32\xinput1_1.dll
2013-10-30 20:11:59 ----A---- C:\Windows\system32\xactengine2_1.dll
2013-10-30 20:11:52 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2013-10-30 20:11:52 ----A---- C:\Windows\system32\d3dx9_30.dll
2013-10-30 20:11:50 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2013-10-30 20:11:50 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2013-10-30 20:11:50 ----A---- C:\Windows\system32\xactengine2_0.dll
2013-10-30 20:11:50 ----A---- C:\Windows\system32\x3daudio1_0.dll
2013-10-30 20:11:48 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2013-10-30 20:11:48 ----A---- C:\Windows\system32\d3dx9_29.dll
2013-10-30 20:11:47 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2013-10-30 20:11:47 ----A---- C:\Windows\system32\d3dx9_28.dll
2013-10-30 20:11:45 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2013-10-30 20:11:45 ----A---- C:\Windows\system32\d3dx9_27.dll
2013-10-30 20:11:43 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2013-10-30 20:11:43 ----A---- C:\Windows\system32\d3dx9_26.dll
2013-10-30 20:11:42 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2013-10-30 20:11:42 ----A---- C:\Windows\system32\d3dx9_25.dll
2013-10-30 20:11:40 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2013-10-30 20:11:40 ----A---- C:\Windows\system32\d3dx9_24.dll
2013-10-30 19:27:09 ----RA---- C:\Windows\SYSWOW64\pbsvc.exe
2013-10-30 19:16:36 ----A---- C:\Windows\SYSWOW64\GEARAspi.dll
2013-10-30 19:16:36 ----A---- C:\Windows\SYSWOW64\drivers\GEARAspiWDM.sys
2013-10-30 19:16:20 ----D---- C:\Program Files (x86)\Philips
2013-10-28 13:38:48 ----A---- C:\Windows\SYSWOW64\service.exe
2013-10-25 21:48:03 ----D---- C:\Program Files\CPUID
2013-10-17 20:11:14 ----D---- C:\Windows\system32\appmgmt
2013-10-17 19:42:02 ----D---- C:\Users\David\AppData\Roaming\Zoner
2013-10-17 19:42:01 ----D---- C:\ProgramData\Zoner
2013-10-16 16:10:43 ----D---- C:\Users\David\AppData\Roaming\Philips-Songbird
2013-10-16 16:10:09 ----D---- C:\Program Files\DIFX
2013-10-16 16:09:28 ----D---- C:\ProgramData\{F0489EF2-D393-4114-85BA-A94D71D89543}
2013-10-16 15:58:08 ----D---- C:\Users\David\AppData\Roaming\Philips
2013-10-15 18:34:36 ----A---- C:\Windows\SYSWOW64\fmodex.dll
2013-10-15 18:34:36 ----A---- C:\Windows\SYSWOW64\fmod_event.dll
2013-10-15 17:47:47 ----D---- C:\Windows\pss

======List of files/folders modified in the last 1 month======

2013-11-11 22:51:57 ----D---- C:\Windows\Temp
2013-11-11 22:51:50 ----RD---- C:\Program Files
2013-11-11 22:06:18 ----D---- C:\Windows\System32
2013-11-11 22:06:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-11 22:04:21 ----A---- C:\Windows\SYSWOW64\log.txt
2013-11-11 22:00:41 ----D---- C:\Users\David\AppData\Roaming\DMCache
2013-11-11 20:37:20 ----SD---- C:\Users\David\AppData\Roaming\Microsoft
2013-11-11 20:23:35 ----D---- C:\ProgramData\DriverGenius
2013-11-11 20:11:58 ----SHD---- C:\Windows\Installer
2013-11-11 20:11:56 ----D---- C:\Windows\SysWOW64
2013-11-11 20:10:21 ----RD---- C:\Program Files (x86)
2013-11-11 20:10:14 ----SHD---- C:\System Volume Information
2013-11-11 20:09:52 ----HD---- C:\ProgramData
2013-11-11 20:09:13 ----D---- C:\Windows
2013-11-09 20:18:39 ----D---- C:\Program Files (x86)\Steam
2013-11-09 16:54:54 ----D---- C:\Windows\system32\wdi
2013-11-09 09:05:28 ----D---- C:\Windows\Microsoft.NET
2013-11-08 19:46:52 ----D---- C:\ProgramData\AMD
2013-11-08 19:46:08 ----D---- C:\Program Files\ATI Technologies
2013-11-08 19:45:11 ----D---- C:\Windows\system32\catroot2
2013-11-08 19:45:11 ----D---- C:\Windows\system32\catroot
2013-11-08 19:44:32 ----D---- C:\Windows\system32\drivers
2013-11-08 19:44:22 ----D---- C:\Windows\inf
2013-11-08 19:44:18 ----D---- C:\Windows\system32\DriverStore
2013-11-08 19:43:08 ----D---- C:\ProgramData\Package Cache
2013-11-08 19:41:35 ----D---- C:\Windows\SYSWOW64\en-US
2013-11-08 19:41:35 ----D---- C:\Windows\system32\en-US
2013-11-08 18:52:28 ----RSD---- C:\Windows\assembly
2013-11-08 17:12:28 ----D---- C:\Hry
2013-11-08 12:48:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-07 18:30:00 ----D---- C:\Users\David\AppData\Roaming\vlc
2013-11-06 19:13:33 ----D---- C:\Users\David\AppData\Roaming\IDM
2013-10-31 21:34:32 ----D---- C:\Windows\Prefetch
2013-10-30 21:45:39 ----D---- C:\Windows\system32\LogFiles
2013-10-30 19:16:36 ----D---- C:\Windows\SYSWOW64\drivers
2013-10-25 21:43:48 ----AD---- C:\Program Files\Everest Portable 5.5
2013-10-16 15:54:45 ----D---- C:\ProgramData\Adobe
2013-10-16 15:54:02 ----D---- C:\Users\David\AppData\Roaming\Adobe
2013-10-15 18:34:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-15 17:09:36 ----D---- C:\Windows\winsxs
2013-10-15 17:09:27 ----D---- C:\Windows\system32\config
2013-10-15 12:18:37 ----D---- C:\Windows\Tasks
2013-10-15 12:18:37 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-05-20 557848]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-20 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-01-10 190232]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2013-06-27 172920]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-11-07 13200896]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-11-07 624128]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2013-09-20 4747840]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-03-08 5358016]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 342528]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2013-05-23 76568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2013-05-23 59160]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 338536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-01-03 535552]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-06-09 1451056]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-09-18 14112]
R3 WinUsb;Actions USB 2.0 (HS) WinUSB Device; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
S3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-11-07 239616]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-08-09 325912]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-10-30 76888]
R2 Service1;Microsoft Ms; C:\Windows\syswow64\service.exe [2013-10-28 189952]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-01-03 311808]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-10-30 2099512]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-03-22 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20 116648]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2013-06-13 357144]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-06 119408]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-10-30 566696]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: pop-up window

#2 Post by vyosek »

Hello :)

Please also post the second RSIT log, named info.txt; it is saved in c:\rsit

I assume the ESET is as it should be = a purchased licence

Dejv.{cz}
Visitor
Posts: 10
Registered: 11 Jul 2007 18:41

Re: pop-up window

#3 Post by Dejv.{cz} »

YES, ESET is as it should be.

HERE IS THE INFO:

info.txt logfile of random's system information tool 1.09 2013-11-11 22:52:04

======Uninstall list======

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
«Hitman. Sniper Challenge»-->"C:\Hry\Hitman Sniper Challenge\unins000.exe"
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Alien Rage-->"C:\Hry\Alien Rage\unins000.exe"
AMD Accelerated Video Transcoding-->MsiExec.exe /X{0CDD64BC-C5A9-86A6-4D2D-58044837B039}
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{C7817B39-0536-8659-D017-B50AEF795EDD} REBOOT=ReallySuppress
AMD Drag and Drop Transcoding-->MsiExec.exe /X{2032BE0E-C56F-937F-6D8C-CB653D654EAE}
AMD Media Foundation Decoders-->MsiExec.exe /X{E471FA4C-4B23-F8EA-387A-1F9D420A66C8}
AMD Wireless Display v3.0-->MsiExec.exe /X{3360036C-6C3E-323A-99D4-18A25C89F7DC}
AMD Wireless Display v3.0-->MsiExec.exe /X{4FDD126F-445B-3432-6008-86596A925765}
Angry Birds Star Wars II-->MsiExec.exe /X{80E14D9E-9F59-4117-933A-BEE62FE47386}
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002)-->C:\PROGRA~1\DIFX\4A7292F75FEBBD3C\dpinst64.exe /u C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_amd64_neutral_cda199fd57c22140\android_winusb.inf
Battlefield 3™-->"C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3\Cleanup.exe" uninstall_game -autologging
Battlefield 4 Update 1-->"C:\Hry\Battlefield 4\Battlefield 4\unins000.exe"
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
BF3 Settings Editor-->MsiExec.exe /X{5866DD36-8055-475B-A5C3-82C04091D14E}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver" driver
Call of Duty Black Ops 2-->"C:\Program Files (x86)\Call of Duty Black Ops 2\unins000.exe"
Call of Duty(R) 2-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Call of Duty: Black Ops-->"C:\Hry\Call of Duty - Black Ops\unins000.exe"
Call of Duty: Ghosts Update 1-->"C:\Hry\Call of Duty Ghosts\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{59F0E916-7B87-4F09-888B-850F3F0700B5}
CPUID HWMonitor 1.22-->"C:\Program Files\CPUID\HWMonitor\unins000.exe"
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Day of Defeat: Source-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/300
Driver Genius-->"C:\Program Files (x86)\Driver-Soft\DriverGenius\unins000.exe"
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel(R) SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall
Internet Download Manager-->C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
K-Lite Mega Codec Pack 10.1.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Logitech SetPoint 6.61-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe
Microsoft .NET Framework 4.5-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5-->MsiExec.exe /X{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727-->"C:\ProgramData\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610-->"C:\ProgramData\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727-->"C:\ProgramData\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610-->"C:\ProgramData\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727-->MsiExec.exe /X{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610-->MsiExec.exe /X{764384C5-BCA9-307C-9AAC-FD443662686A}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610-->MsiExec.exe /X{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727-->MsiExec.exe /X{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610-->MsiExec.exe /X{3D6AD258-61EA-35F5-812C-B7A02152996E}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610-->MsiExec.exe /X{E7D4E834-93EB-351F-B8FB-82CDAE623003}
Moorhuhn Tiger & Chicken-->"C:\Program Files (x86)\InstallShield Installation Information\{4146288A-1747-4ACE-B52B-D8CDFA4AB9A0}\setup.exe" -runfromtemp -l0x0409 -removeonly
Mozilla Firefox 25.0 (x86 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Nero 10 micro cz (2010.05.06)-->"C:\Program Files (x86)\Nero\unins000.exe"
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
Philips Songbird-->C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird-Uninstall.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Raptr-->"C:\Program Files (x86)\Raptr\uninstall.exe"
Rayman Legends-->"C:\Program Files (x86)\Rayman Legends\unins000.exe"
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0405 -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"
Saints Row IV-->"C:\Hry\Saints Row IV\unins000.exe"
Setup-->MsiExec.exe /X{6638AED6-9018-4596-B671-C184FA699431}
Sniper Elite V2-->"C:\Hry\Sniper Elite V2\Uninstall\unins000.exe"
Sniper Ghost Warrior 2-->"C:\Hry\Sniper Ghost Warrior 2\unins000.exe"
Splinter Cell Blacklist-->C:\Hry\Splinter Cell Blacklist\uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics TouchPad Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Total Commander 64-bit (Remove or Repair)-->C:\Program Files\totalcmd\tcunin64.exe
Trials Evolution Gold Edition-->"C:\Program Files (x86)\InstallShield Installation Information\{07D857B8-C956-401D-BC8F-EDA8459AF037}\setup.exe" -runfromtemp -l0x0409 -removeonly
Trials Evolution Gold Edition-->MsiExec.exe /X{07D857B8-C956-401D-BC8F-EDA8459AF037}
Trine 2-->"C:\Hry\Trine 2\unins000.exe"
TuneUp Utilities 2014-->C:\Program Files (x86)\TuneUp Utilities 2014\TUInstallHelper.exe --Trigger-Uninstall
Uplay-->C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
Validity WBF DDK-->MsiExec.exe /X{79174AF2-6CB1-42F5-981E-66DCA49391D0}
VLC media player 2.0.2-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
WinRAR 4.11 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
Zoner Photo Studio 14-->"C:\Program Files\Zoner\Photo Studio 14\unins000.exe" /SILENT

======System event log======

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Cryptographic Services byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Modules Installer byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Software Protection byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Volume Shadow Copy byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 412
Message: Catalog Database (480) Catalog Database: Ze záhlaví souboru protokolu C:\Windows\system32\CatRoot2\edb.log nelze číst. Chyba -546
Record Number: 5
Source Name: ESENT
Time Written: 20130920162959.000000-000
Event Type: Chyba
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20130920162958.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20130920162953.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 2
Source Name: Microsoft-Windows-EventSystem
Time Written: 20130920162948.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20130920162947.816098-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130920162919.158848-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130920162919.158848-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x30ac2
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130920162918.690847-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130920162917.333645-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130920162917.271245-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: pop-up window

#4 Post by vyosek »

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE APPLIED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after launch a page with the license agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, accept
  • Then follow the on-screen instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes (and after a restart, if one is needed), CF displays a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions incl. screenshots are here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

Dejv.{cz}
Visitor
Posts: 10
Registered: 11 Jul 2007 18:41

Re: pop-up window

#5 Post by Dejv.{cz} »

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/12/2013 02:39:12 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\syswow64\service.exe (PID: 2860) [WD-HEUR]
* C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe (PID: 3012) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\David\Desktop\rkill\rkill-11-12-2013-02-39-27.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/12/2013 02:40:16 PM
Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: pop-up window

#6 Post by vyosek »

Continue with ComboFix...

Dejv.{cz}
Visitor
Posts: 10
Registered: 11 Jul 2007 18:41

Re: pop-up window

#7 Post by Dejv.{cz} »

ComboFix 13-11-11.01 - David 12.11.2013 14:47:35.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8140.6388 [GMT 1:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\html.html
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\service.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service1
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-12 do 2013-11-12 )))))))))))))))))))))))))))))))
.
.
2013-11-12 13:52 . 2013-11-12 13:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-11 21:51 . 2013-11-11 21:52 -------- d-----w- C:\rsit
2013-11-11 21:51 . 2013-11-11 21:52 -------- d-----w- c:\program files\trend micro
2013-11-11 19:11 . 2013-10-30 09:45 43320 ----a-w- c:\windows\system32\uxtuneup.dll
2013-11-11 19:11 . 2013-10-30 09:45 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-11-11 19:10 . 2013-10-30 09:45 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2013-11-11 19:10 . 2013-10-30 09:45 29496 ----a-w- c:\windows\system32\authuitu.dll
2013-11-11 19:10 . 2013-10-30 09:45 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-11-11 19:10 . 2013-11-11 19:10 -------- d-----w- c:\users\David\AppData\Roaming\TuneUp Software
2013-11-11 19:10 . 2013-11-11 19:16 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2013-11-11 19:09 . 2013-11-11 19:12 -------- d-----w- c:\programdata\TuneUp Software
2013-11-11 19:09 . 2013-11-11 19:23 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-11 19:09 . 2013-11-11 19:09 -------- d--h--w- c:\programdata\Common Files
2013-11-08 18:55 . 2013-11-08 18:55 -------- d-----w- c:\programdata\ATI
2013-11-08 18:46 . 2013-11-08 18:46 -------- d-----w- c:\program files (x86)\AMD AVT
2013-11-07 17:39 . 2013-11-07 17:39 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-11-07 17:24 . 2013-11-07 17:24 13200896 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-11-07 17:11 . 2013-11-07 17:11 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-11-07 17:10 . 2013-11-07 17:10 100352 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-11-07 17:10 . 2013-11-07 17:10 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-11-07 17:10 . 2013-11-07 17:10 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-11-07 17:10 . 2013-11-07 17:10 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-11-07 17:10 . 2013-11-07 17:10 29363712 ----a-w- c:\windows\system32\amdocl64.dll
2013-11-07 17:07 . 2013-11-07 17:07 24846848 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-11-07 17:05 . 2013-11-07 17:05 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-11-07 17:05 . 2013-11-07 17:05 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-11-07 17:02 . 2013-11-07 17:02 129536 ----a-w- c:\windows\system32\coinst_13.25.18.dll
2013-11-07 16:44 . 2013-11-07 16:44 26350592 ----a-w- c:\windows\system32\atio6axx.dll
2013-11-07 16:40 . 2013-11-07 16:40 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-11-07 16:40 . 2013-11-07 16:40 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-11-07 16:40 . 2013-11-07 16:40 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-11-07 16:40 . 2013-11-07 16:40 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-11-07 16:40 . 2013-11-07 16:40 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-11-07 16:40 . 2013-11-07 16:40 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-11-07 16:37 . 2013-11-07 16:37 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-11-07 16:26 . 2013-11-07 16:26 22156288 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-11-07 16:21 . 2013-11-07 16:21 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-11-07 16:21 . 2013-11-07 16:21 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-11-07 16:20 . 2013-11-07 16:20 585216 ----a-w- c:\windows\system32\atieclxx.exe
2013-11-07 16:20 . 2013-11-07 16:20 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-11-07 16:18 . 2013-11-07 16:18 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-11-07 15:50 . 2013-11-07 15:50 1145344 ----a-w- c:\windows\system32\atiadlxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 825856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-11-07 15:50 . 2013-11-07 15:50 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-11-07 15:50 . 2013-11-07 15:50 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-11-07 15:49 . 2013-11-07 15:49 624128 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-11-07 15:46 . 2013-11-07 15:46 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-11-07 11:21 . 2013-11-07 11:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-11-07 11:16 . 2013-11-07 11:16 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-11-06 09:41 . 2013-11-05 11:35 253440 ----a-w- c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
2013-11-03 18:29 . 2013-11-03 18:29 -------- d-----w- c:\program files (x86)\Driver-Soft
2013-11-03 18:29 . 2013-11-03 18:29 154 ----a-w- c:\programdata\patch.dll
2013-11-03 18:28 . 2013-11-03 18:28 -------- d-----w- c:\users\David\AppData\Roaming\Driver Genius Professional 12.0.0.1306 Final
2013-10-31 20:38 . 2013-10-31 20:38 -------- d-----w- c:\users\David\AppData\Roaming\Rovio
2013-10-31 20:36 . 2013-10-31 20:36 -------- d-----w- c:\users\David\AppData\Roaming\Rovio Entertainment Ltd
2013-10-30 20:45 . 2013-10-30 20:46 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-30 20:45 . 2013-10-30 20:45 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-30 20:45 . 2013-10-30 20:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-30 20:11 . 2013-10-30 20:11 -------- d-----w- c:\users\David\AppData\Roaming\Raptr
2013-10-30 20:11 . 2013-10-30 20:11 -------- d-----w- c:\program files (x86)\Raptr
2013-10-30 19:12 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2013-10-30 19:11 . 2006-03-31 11:40 352464 ----a-w- c:\windows\system32\xactengine2_1.dll
2013-10-30 18:27 . 2013-10-11 12:59 3894632 ----a-r- c:\windows\SysWow64\pbsvc.exe
2013-10-30 18:16 . 2012-04-04 22:29 15664 ----a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
2013-10-30 18:16 . 2012-04-04 22:29 109360 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2013-10-30 18:16 . 2013-10-30 18:16 -------- d-----w- c:\program files (x86)\Philips
2013-10-25 20:48 . 2013-10-25 20:48 -------- d-----w- c:\program files\CPUID
2013-10-25 20:16 . 2013-10-25 20:42 -------- d-----w- c:\users\David\AppData\Local\dxhr
2013-10-25 20:16 . 2013-10-25 20:16 -------- d-----w- c:\users\David\AppData\Local\238010
2013-10-21 17:47 . 2013-10-21 17:47 -------- d-----w- c:\users\David\AppData\Local\EMU
2013-10-17 19:11 . 2013-10-17 19:11 -------- d-----w- c:\windows\system32\appmgmt
2013-10-17 18:42 . 2013-10-17 18:42 -------- d-----w- c:\users\David\AppData\Roaming\Zoner
2013-10-17 18:42 . 2013-10-17 18:42 -------- d-----w- c:\programdata\Zoner
2013-10-17 18:42 . 2013-10-17 18:42 -------- d-----w- c:\users\David\AppData\Local\Zoner
2013-10-16 15:10 . 2013-10-16 15:10 -------- d-----w- c:\users\David\AppData\Local\Philips-Songbird
2013-10-16 15:10 . 2013-10-16 15:10 -------- d-----w- c:\users\David\AppData\Roaming\Philips-Songbird
2013-10-16 15:10 . 2013-10-16 15:10 -------- d-----w- c:\program files\DIFX
2013-10-16 15:09 . 2013-11-11 19:23 -------- d-----w- c:\programdata\{F0489EF2-D393-4114-85BA-A94D71D89543}
2013-10-16 14:58 . 2013-10-16 14:58 -------- d-----w- c:\users\David\AppData\Roaming\Philips
2013-10-16 14:54 . 2013-11-11 19:23 -------- d-----w- c:\users\David\AppData\Local\Downloaded Installations
2013-10-15 19:24 . 2013-10-15 19:24 -------- d-----w- c:\users\David\AppData\Local\storage
2013-10-15 17:34 . 2013-02-04 16:44 804384 ----a-w- c:\windows\SysWow64\fmodex.dll
2013-10-15 17:34 . 2013-02-04 16:44 312864 ----a-w- c:\windows\SysWow64\fmod_event.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 17:51 . 2013-09-20 19:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 18:49 . 2013-10-02 18:49 53248 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-10-02 18:49 . 2013-10-02 18:49 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-09-29 10:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-09-29 10:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-09-24 19:39 . 2013-09-24 19:39 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-09-20 19:00 . 2013-09-20 19:00 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-20 18:37 . 2013-09-20 18:38 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2013-09-20 18:37 . 2013-09-20 18:38 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2013-09-20 18:37 . 2013-09-20 18:38 3617792 ----a-w- c:\windows\system32\bcmihvui64.dll
2013-09-20 18:37 . 2013-09-20 18:38 4747840 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2013-09-20 18:37 . 2013-09-20 18:38 3952640 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2013-09-15 22:50 . 2013-09-20 19:02 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD09B2D0-661D-4BBE-A9B2-3853E5304421}\mpengine.dll
2013-08-30 23:47 . 2013-08-30 23:47 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47 . 2013-08-30 23:47 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47 . 2013-08-30 23:47 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-08-30 23:47 . 2013-08-30 23:47 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-08-22 17:09 . 2013-09-20 19:07 217176 ----a-w- c:\windows\SysWow64\unrar.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-08-18 3665488]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-11-07 766208]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
alga.exe [2013-11-5 253440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 19:24 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 17:51]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20 19:13]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cec9984b4e0a84.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20 19:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-03 1425408]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\0p0tx5t3.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
FF - ExtSQL: 2013-09-20 22:24; mozilla_cc@internetdownloadmanager.com; c:\users\David\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2013-09-20 22:28; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\0p0tx5t3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-10-02 20:48; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1073828894-77590672-2085504627-1000\Software\SecuROM\License information*]
"datasecu"=hex:47,79,ec,11,76,26,04,47,f9,0e,07,1b,f6,42,86,5b,ae,88,cc,ae,bd,
1a,8b,69,d1,a4,fe,5a,4f,bc,00,bb,7d,25,0f,72,35,b8,e3,e1,e2,db,69,c8,2f,f9,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-11-12 14:58:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-12 13:58
.
Před spuštěním: Volných bajtů: 58 180 730 880
Po spuštění: Volných bajtů: 57 686 106 112
.
- - End Of File - - F6E2D896400DD1E0F9DBE0FD34E8A6BB

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: pop-up window

#8 Post by vyosek »

:arrow: If it is not there already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Collect::
    c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
    
    Rootkit::
    c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "IDMan"=-
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1073828894-77590672-2085504627-1000\Software\SecuROM\License information*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    File::
    C:\Windows\tasks\Adobe Flash Player Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA1cec9984b4e0a84.job
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the image below)
    [image]
  • After the script has been applied (and after a restart, if one is needed), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, which the author unfortunately has not yet been able to fix

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Dejv.{cz}
Visitor
Posts: 10
Registered: 11 Jul 2007 18:41

Re: pop-up window

#9 Post by Dejv.{cz} »

ComboFix 13-11-11.01 - David 12.11.2013 15:32:04.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8140.6336 [GMT 1:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\David\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA1cec9984b4e0a84.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA1cec9984b4e0a84.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-12 do 2013-11-12 )))))))))))))))))))))))))))))))
.
.
2013-11-12 14:36 . 2013-11-12 14:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-11 21:51 . 2013-11-11 21:52 -------- d-----w- C:\rsit
2013-11-11 21:51 . 2013-11-11 21:52 -------- d-----w- c:\program files\trend micro
2013-11-11 19:11 . 2013-10-30 09:45 43320 ----a-w- c:\windows\system32\uxtuneup.dll
2013-11-11 19:11 . 2013-10-30 09:45 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-11-11 19:10 . 2013-10-30 09:45 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2013-11-11 19:10 . 2013-10-30 09:45 29496 ----a-w- c:\windows\system32\authuitu.dll
2013-11-11 19:10 . 2013-10-30 09:45 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-11-11 19:10 . 2013-11-11 19:10 -------- d-----w- c:\users\David\AppData\Roaming\TuneUp Software
2013-11-11 19:10 . 2013-11-11 19:16 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2013-11-11 19:09 . 2013-11-11 19:12 -------- d-----w- c:\programdata\TuneUp Software
2013-11-11 19:09 . 2013-11-11 19:23 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-11 19:09 . 2013-11-11 19:09 -------- d--h--w- c:\programdata\Common Files
2013-11-08 18:55 . 2013-11-08 18:55 -------- d-----w- c:\programdata\ATI
2013-11-08 18:46 . 2013-11-08 18:46 -------- d-----w- c:\program files (x86)\AMD AVT
2013-11-07 17:39 . 2013-11-07 17:39 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-11-07 17:24 . 2013-11-07 17:24 13200896 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-11-07 17:11 . 2013-11-07 17:11 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-11-07 17:10 . 2013-11-07 17:10 100352 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-11-07 17:10 . 2013-11-07 17:10 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-11-07 17:10 . 2013-11-07 17:10 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-11-07 17:10 . 2013-11-07 17:10 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-11-07 17:10 . 2013-11-07 17:10 29363712 ----a-w- c:\windows\system32\amdocl64.dll
2013-11-07 17:07 . 2013-11-07 17:07 24846848 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-11-07 17:05 . 2013-11-07 17:05 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-11-07 17:05 . 2013-11-07 17:05 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-11-07 17:02 . 2013-11-07 17:02 129536 ----a-w- c:\windows\system32\coinst_13.25.18.dll
2013-11-07 16:44 . 2013-11-07 16:44 26350592 ----a-w- c:\windows\system32\atio6axx.dll
2013-11-07 16:40 . 2013-11-07 16:40 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-11-07 16:40 . 2013-11-07 16:40 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-11-07 16:40 . 2013-11-07 16:40 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-11-07 16:40 . 2013-11-07 16:40 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-11-07 16:40 . 2013-11-07 16:40 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-11-07 16:40 . 2013-11-07 16:40 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-11-07 16:37 . 2013-11-07 16:37 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-11-07 16:26 . 2013-11-07 16:26 22156288 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-11-07 16:21 . 2013-11-07 16:21 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-11-07 16:21 . 2013-11-07 16:21 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-11-07 16:20 . 2013-11-07 16:20 585216 ----a-w- c:\windows\system32\atieclxx.exe
2013-11-07 16:20 . 2013-11-07 16:20 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-11-07 16:18 . 2013-11-07 16:18 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-11-07 15:50 . 2013-11-07 15:50 1145344 ----a-w- c:\windows\system32\atiadlxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 825856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-11-07 15:50 . 2013-11-07 15:50 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-11-07 15:50 . 2013-11-07 15:50 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-11-07 15:49 . 2013-11-07 15:49 624128 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-11-07 15:46 . 2013-11-07 15:46 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-11-07 11:21 . 2013-11-07 11:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-11-07 11:16 . 2013-11-07 11:16 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-11-03 18:29 . 2013-11-03 18:29 -------- d-----w- c:\program files (x86)\Driver-Soft
2013-11-03 18:29 . 2013-11-03 18:29 154 ----a-w- c:\programdata\patch.dll
2013-11-03 18:28 . 2013-11-03 18:28 -------- d-----w- c:\users\David\AppData\Roaming\Driver Genius Professional 12.0.0.1306 Final
2013-10-31 20:38 . 2013-10-31 20:38 -------- d-----w- c:\users\David\AppData\Roaming\Rovio
2013-10-31 20:36 . 2013-10-31 20:36 -------- d-----w- c:\users\David\AppData\Roaming\Rovio Entertainment Ltd
2013-10-30 20:45 . 2013-10-30 20:46 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-30 20:45 . 2013-10-30 20:45 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-30 20:45 . 2013-10-30 20:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-30 20:11 . 2013-10-30 20:11 -------- d-----w- c:\users\David\AppData\Roaming\Raptr
2013-10-30 20:11 . 2013-10-30 20:11 -------- d-----w- c:\program files (x86)\Raptr
2013-10-30 19:12 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2013-10-30 19:11 . 2006-03-31 11:40 352464 ----a-w- c:\windows\system32\xactengine2_1.dll
2013-10-30 18:27 . 2013-10-11 12:59 3894632 ----a-r- c:\windows\SysWow64\pbsvc.exe
2013-10-30 18:16 . 2012-04-04 22:29 15664 ----a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
2013-10-30 18:16 . 2012-04-04 22:29 109360 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2013-10-30 18:16 . 2013-10-30 18:16 -------- d-----w- c:\program files (x86)\Philips
2013-10-25 20:48 . 2013-10-25 20:48 -------- d-----w- c:\program files\CPUID
2013-10-25 20:16 . 2013-10-25 20:42 -------- d-----w- c:\users\David\AppData\Local\dxhr
2013-10-25 20:16 . 2013-10-25 20:16 -------- d-----w- c:\users\David\AppData\Local\238010
2013-10-21 17:47 . 2013-10-21 17:47 -------- d-----w- c:\users\David\AppData\Local\EMU
2013-10-17 19:11 . 2013-10-17 19:11 -------- d-----w- c:\windows\system32\appmgmt
2013-10-17 18:42 . 2013-10-17 18:42 -------- d-----w- c:\users\David\AppData\Roaming\Zoner
2013-10-17 18:42 . 2013-10-17 18:42 -------- d-----w- c:\programdata\Zoner
2013-10-17 18:42 . 2013-10-17 18:42 -------- d-----w- c:\users\David\AppData\Local\Zoner
2013-10-16 15:10 . 2013-10-16 15:10 -------- d-----w- c:\users\David\AppData\Local\Philips-Songbird
2013-10-16 15:10 . 2013-10-16 15:10 -------- d-----w- c:\users\David\AppData\Roaming\Philips-Songbird
2013-10-16 15:10 . 2013-10-16 15:10 -------- d-----w- c:\program files\DIFX
2013-10-16 15:09 . 2013-11-11 19:23 -------- d-----w- c:\programdata\{F0489EF2-D393-4114-85BA-A94D71D89543}
2013-10-16 14:58 . 2013-10-16 14:58 -------- d-----w- c:\users\David\AppData\Roaming\Philips
2013-10-16 14:54 . 2013-11-11 19:23 -------- d-----w- c:\users\David\AppData\Local\Downloaded Installations
2013-10-15 19:24 . 2013-10-15 19:24 -------- d-----w- c:\users\David\AppData\Local\storage
2013-10-15 17:34 . 2013-02-04 16:44 804384 ----a-w- c:\windows\SysWow64\fmodex.dll
2013-10-15 17:34 . 2013-02-04 16:44 312864 ----a-w- c:\windows\SysWow64\fmod_event.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 17:51 . 2013-09-20 19:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 18:49 . 2013-10-02 18:49 53248 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-10-02 18:49 . 2013-10-02 18:49 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-09-29 10:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-09-29 10:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-09-24 19:39 . 2013-09-24 19:39 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-09-20 19:00 . 2013-09-20 19:00 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-20 18:37 . 2013-09-20 18:38 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2013-09-20 18:37 . 2013-09-20 18:38 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2013-09-20 18:37 . 2013-09-20 18:38 3617792 ----a-w- c:\windows\system32\bcmihvui64.dll
2013-09-20 18:37 . 2013-09-20 18:38 4747840 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2013-09-20 18:37 . 2013-09-20 18:38 3952640 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2013-09-15 22:50 . 2013-09-20 19:02 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD09B2D0-661D-4BBE-A9B2-3853E5304421}\mpengine.dll
2013-08-30 23:47 . 2013-08-30 23:47 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47 . 2013-08-30 23:47 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47 . 2013-08-30 23:47 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-08-30 23:47 . 2013-08-30 23:47 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-08-22 17:09 . 2013-09-20 19:07 217176 ----a-w- c:\windows\SysWow64\unrar.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-11-07 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 19:24 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-03 1425408]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\0p0tx5t3.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
FF - ExtSQL: 2013-09-20 22:24; mozilla_cc@internetdownloadmanager.com; c:\users\David\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2013-09-20 22:28; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\0p0tx5t3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-10-02 20:48; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-11-12 15:41:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-12 14:41
ComboFix2.txt 2013-11-12 13:58
.
Před spuštěním: Volných bajtů: 57 751 490 560
Po spuštění: Volných bajtů: 57 456 377 856
.
- - End Of File - - 7748722B2BE509E80504D55914E17F0E

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: pop-up window

#10 Post by vyosek »

How is the PC behaving :???:

Dejv.{cz}
Visitor
Posts: 10
Registered: 11 Jul 2007 18:41

Re: pop-up window

#11 Post by Dejv.{cz} »

Everything seems OK. Thanks :idea:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: pop-up window

#12 Post by vyosek »

So let's tidy up as well :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus; it is a false alarm, so go ahead and download it (or switch the antivirus off while downloading, if need be)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues; I recommend making the registry backup, fix all the issues
  • repeat the procedure until no issues are found, usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from me :|

Dejv.{cz}
Visitor
Posts: 10
Registered: 11 Jul 2007 18:41

Re: pop-up window

#13 Post by Dejv.{cz} »

Great. Thanks :thumbsup: :iefox:

:closed:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: pop-up window

#14 Post by vyosek »

You're welcome, glad I could help :worship: Until next time

And in accordance with the Rule on locking topics :lock:

Locked