VIRY.CZ

No rozhodne lepsi si s tim hrat, nemuzu byt treba tyden bez pocitace, kdyz ho potrebuji k praci. Spis me jen zajimalo, jestli ta chyba je tak zavazna, ze si za ty penize zaslouzim reklamaci.

tak posledni log po vsem co jsme dnes udelaly. snad uz je vse v poradku. diky doktore


Logfile of random's system information tool 1.09 (written by random/random)
Run by Rhonwyn at 2012-07-05 23:25:50
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 522 GB (55%) free of 954 GB
Total RAM: 8175 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:25:51, on 5.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Trust\GXT14 Mouse\StartAutorun.exe
C:\Program Files (x86)\Trust\GXT14 Mouse\RapooV1Process.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Rhonwyn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [trustGTX14] "C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe" showhide
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EPSON SX218 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_SD20E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-101 - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-103 - {9E508DD9-844C-4985-AC11-AFE5DD71E0BF} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: (no name) - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-102 - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-104 - {EB89B163-2474-4734-9E93-68B61BC5BED5} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Sentinel Local License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Game Mouse Communication And Update Service V1 (KmGameMouseServiceV1) - UASSOFT.COM - C:\Program Files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14709 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\system32\hasplms.exe -run
"C:\Program Files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe"
"C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe"
"C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe"
"C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2376
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
RPMDaemon.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Users\Rhonwyn\AppData\Local\Apps\2.0\CYDMYHL9.1VT\7Q4VDTDD.N1X\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe" showhide
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe" -hide
"C:\Program Files (x86)\BrowserCompanion\BCHelper.exe" /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
"C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
"C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe" /hide
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
"C:\Program Files (x86)\Trust\GXT14 Mouse\StartAutorun.exe" RapooV1Process.exe
RapooV1Process.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
taskeng.exe {DEFE7B36-0948-4822-9304-100567823E6E}
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_http/UMA-Uniformity-Trial-1-Percent/group_42/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="4148.1.1876781281\761748596" /prefetch:3
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_http/UMA-Uniformity-Trial-1-Percent/group_42/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4148.2.1580346769\1804945523" /prefetch:3
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_http/UMA-Uniformity-Trial-1-Percent/group_42/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4148.3.776376377\1970901193" /prefetch:3
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_http/UMA-Uniformity-Trial-1-Percent/group_42/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4148.4.1064536197\772051332" /prefetch:3
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_http/UMA-Uniformity-Trial-1-Percent/group_42/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4148.5.892299392\1709249798" /prefetch:3
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Rhonwyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll" --lang=cs --channel="4148.6.2130596300\2035542413" /prefetch:4
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Rhonwyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll" --lang=cs --channel="4148.7.408443873\502843686" /prefetch:4
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4148.8.1531860449\192230283" --reduce-gpu-sandbox --disable-image-transport-surface /prefetch:12
"C:\Users\Rhonwyn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_http/UMA-Uniformity-Trial-1-Percent/group_42/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="4148.9.1919012379\589334920" /prefetch:3
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
taskeng.exe {D9B19535-2483-4F97-93F9-D2784EA47549}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Rhonwyn\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Rhonwyn\AppData\Roaming\Mozilla\Firefox\Profiles\xk3embay.default

prefs.js - "browser.startup.homepage" - "https://www.google.cz/"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=112060 ... 5d964fc&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Rhonwyn\AppData\Roaming\Mozilla\Firefox\Profiles\xk3embay.default\extensions\
bbrs_002@blabbers.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
GBHO.BHO - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
Chatvibes Browser Helper - C:\Program Files (x86)\BrowserCompanion\jsloader.dll [2011-10-27 225584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]
Splashtop Connect VisualBookmark - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll [2011-01-21 345968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-08 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
Chatvibes Browser Helper Verifier - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll [2011-10-27 141104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1d09c093-f71e-43c3-b948-19316cbd695e} - Smart Recovery 2 - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-11 11776104]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"=C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2010-08-23 2552320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2012-02-01 1242448]
"EPSON SX218 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE [2009-09-14 224768]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2012-06-30 3407496]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"=C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [2011-01-21 776064]
"trustGTX14"=C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe [2009-06-05 4833792]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-28 1987976]
"LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2011-11-11 205336]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"Browser companion helper"=C:\Program Files (x86)\BrowserCompanion\BCHelper.exe [2011-12-16 187696]
"ZyngaGamesAgent"=C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [2010-11-15 841544]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-07 336384]

C:\Users\Rhonwyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-05 23:25:50 ----D---- C:\rsit
2012-07-05 19:54:03 ----D---- C:\ProgramData\ATI
2012-07-05 19:53:32 ----D---- C:\Program Files (x86)\AMD APP
2012-07-05 19:50:38 ----D---- C:\ATI
2012-07-05 19:45:05 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2012-07-05 19:32:56 ----D---- C:\ProgramData\EA Logs
2012-07-05 13:44:21 ----D---- C:\Program Files (x86)\HD Tune
2012-07-05 13:37:24 ----D---- C:\Program Files (x86)\CrystalDiskInfo
2012-07-05 09:26:32 ----D---- C:\Program Files\trend micro
2012-07-04 08:41:55 ----D---- C:\Program Files\CCleaner
2012-07-04 08:27:42 ----D---- C:\Users\Rhonwyn\AppData\Roaming\SUPERAntiSpyware.com
2012-07-04 08:27:29 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-07-04 08:27:29 ----D---- C:\Program Files\SUPERAntiSpyware
2012-07-04 07:28:16 ----D---- C:\Users\Rhonwyn\AppData\Roaming\Malwarebytes
2012-07-04 07:28:04 ----D---- C:\ProgramData\Malwarebytes
2012-07-04 07:28:03 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-04 07:28:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-07-02 20:39:31 ----D---- C:\Program Files (x86)\Microsoft Security Client
2012-06-30 13:01:47 ----D---- C:\Program Files (x86)\VJoy
2012-06-30 13:01:47 ----A---- C:\Windows\system32\drivers\vjoy.sys
2012-06-30 12:50:19 ----A---- C:\Windows\system32\drivers\VSPE.sys
2012-06-30 12:40:01 ----A---- C:\user.js
2012-06-30 12:39:49 ----D---- C:\Program Files (x86)\BrowserCompanion
2012-06-20 16:02:31 ----D---- C:\Program Files\iPod
2012-06-20 16:02:30 ----D---- C:\Program Files\iTunes
2012-06-20 16:02:30 ----D---- C:\Program Files (x86)\iTunes
2012-06-19 06:21:34 ----A---- C:\Windows\system32\wups2.dll
2012-06-19 06:21:34 ----A---- C:\Windows\system32\wucltux.dll
2012-06-19 06:21:34 ----A---- C:\Windows\system32\wuaueng.dll
2012-06-19 06:21:34 ----A---- C:\Windows\system32\wuauclt.exe
2012-06-19 06:21:25 ----A---- C:\Windows\system32\wups.dll
2012-06-19 06:21:25 ----A---- C:\Windows\system32\wudriver.dll
2012-06-19 06:21:25 ----A---- C:\Windows\system32\wuapi.dll
2012-06-19 06:21:14 ----A---- C:\Windows\system32\wuwebv.dll
2012-06-19 06:21:14 ----A---- C:\Windows\system32\wuapp.exe
2012-06-14 03:00:55 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-14 03:00:54 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-06-14 03:00:54 ----A---- C:\Windows\SYSWOW64\url.dll
2012-06-14 03:00:54 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-06-14 03:00:54 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-06-14 03:00:54 ----A---- C:\Windows\system32\urlmon.dll
2012-06-14 03:00:54 ----A---- C:\Windows\system32\url.dll
2012-06-14 03:00:54 ----A---- C:\Windows\system32\iertutil.dll
2012-06-14 03:00:53 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-06-14 03:00:53 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-06-14 03:00:53 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-06-14 03:00:53 ----A---- C:\Windows\system32\wininet.dll
2012-06-14 03:00:53 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-14 03:00:53 ----A---- C:\Windows\system32\ieui.dll
2012-06-14 03:00:52 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-06-14 03:00:52 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-06-14 03:00:52 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-06-14 03:00:52 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-14 03:00:52 ----A---- C:\Windows\system32\jscript9.dll
2012-06-14 03:00:52 ----A---- C:\Windows\system32\jscript.dll
2012-06-14 03:00:51 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-06-14 03:00:50 ----A---- C:\Windows\system32\mshtml.dll
2012-06-14 03:00:50 ----A---- C:\Windows\system32\ieframe.dll
2012-06-14 03:00:49 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-06-13 18:08:12 ----D---- C:\Program Files (x86)\TeamViewer
2012-06-13 18:07:24 ----A---- C:\Windows\SYSWOW64\hlvdd.dll
2012-06-13 08:55:56 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-13 08:55:56 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-13 08:55:56 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-13 08:55:50 ----A---- C:\Windows\system32\profsvc.dll
2012-06-13 08:55:46 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-06-13 08:55:46 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-06-13 08:55:45 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-06-13 08:55:43 ----A---- C:\Windows\system32\win32k.sys
2012-06-13 08:55:41 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-06-13 08:55:41 ----A---- C:\Windows\system32\msi.dll
2012-06-13 08:55:41 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-13 08:55:39 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-06-13 08:55:39 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-06-13 08:55:39 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-13 08:55:39 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-13 08:55:39 ----A---- C:\Windows\system32\crypt32.dll
2012-06-13 08:55:38 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-06-12 09:53:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-11 10:00:45 ----D---- C:\ProgramData\Mozilla
2012-06-11 10:00:44 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-06-11 09:56:20 ----D---- C:\Program Files\Microsoft Security Client
2012-06-11 09:55:32 ----D---- C:\bb3101f1d1cc1083cadb8bbb

======List of files/folders modified in the last 1 month======

2012-07-05 23:24:00 ----D---- C:\Windows\system32\config
2012-07-05 23:23:57 ----D---- C:\Windows\SoftwareDistribution
2012-07-05 23:23:40 ----D---- C:\Users\Rhonwyn\AppData\Roaming\Skype
2012-07-05 23:23:40 ----D---- C:\Program Files (x86)\Steam
2012-07-05 23:23:38 ----D---- C:\Windows\Logs
2012-07-05 23:23:38 ----D---- C:\Windows\inf
2012-07-05 23:23:38 ----D---- C:\Windows
2012-07-05 23:22:57 ----D---- C:\Windows\Temp
2012-07-05 23:15:33 ----D---- C:\Windows\SysWOW64
2012-07-05 23:15:33 ----D---- C:\Windows\System32
2012-07-05 23:13:59 ----D---- C:\Windows\system32\catroot
2012-07-05 22:48:23 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-07-05 19:58:56 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2012-07-05 19:54:03 ----HD---- C:\ProgramData
2012-07-05 19:53:33 ----SHD---- C:\Windows\Installer
2012-07-05 19:53:32 ----RD---- C:\Program Files (x86)
2012-07-05 19:53:16 ----D---- C:\Program Files\ATI Technologies
2012-07-05 19:52:10 ----D---- C:\Windows\system32\drivers
2012-07-05 19:52:08 ----D---- C:\Windows\system32\DriverStore
2012-07-05 18:27:03 ----RSD---- C:\Windows\assembly
2012-07-05 18:26:25 ----D---- C:\Windows\system32\catroot2
2012-07-05 18:26:21 ----SHD---- C:\System Volume Information
2012-07-05 17:11:38 ----D---- C:\Program Files (x86)\Origin Games
2012-07-05 12:38:17 ----D---- C:\Windows\Prefetch
2012-07-05 12:17:01 ----D---- C:\Windows\system32\drivers\etc
2012-07-05 11:32:52 ----D---- C:\Windows\Tasks
2012-07-05 09:26:32 ----RD---- C:\Program Files
2012-07-04 18:02:59 ----D---- C:\ProgramData\Solidshield
2012-07-04 18:00:42 ----D---- C:\Users\Rhonwyn\AppData\Roaming\GetRightToGo
2012-07-04 18:00:17 ----D---- C:\Users\Rhonwyn\AppData\Roaming\Ubisoft
2012-07-04 17:23:03 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-07-04 17:23:03 ----D---- C:\Program Files (x86)\Ubisoft
2012-07-04 08:46:48 ----D---- C:\Users\Rhonwyn\AppData\Roaming\DAEMON Tools Lite
2012-07-04 08:46:44 ----D---- C:\Users\Rhonwyn\AppData\Roaming\TS3Client
2012-07-04 08:43:26 ----D---- C:\Windows\Panther
2012-07-04 08:43:26 ----D---- C:\Windows\ModemLogs
2012-07-04 08:43:19 ----D---- C:\Windows\Minidump
2012-07-04 08:43:19 ----D---- C:\Windows\debug
2012-07-04 08:41:58 ----D---- C:\Windows\system32\Tasks
2012-07-02 20:39:32 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-06-30 17:50:56 ----D---- C:\Program Files (x86)\Origin
2012-06-30 12:47:05 ----D---- C:\Windows\SYSWOW64\directx
2012-06-30 09:16:51 ----D---- C:\World of Warcraft
2012-06-27 21:59:18 ----D---- C:\Program Files (x86)\Diablo III
2012-06-23 21:48:26 ----D---- C:\Users\Rhonwyn\AppData\Roaming\vlc
2012-06-23 11:25:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-06-22 21:59:06 ----D---- C:\Program Files (x86)\AMD
2012-06-21 08:43:42 ----D---- C:\Windows\rescache
2012-06-21 07:49:21 ----D---- C:\Windows\winsxs
2012-06-21 07:48:56 ----D---- C:\Windows\system32\cs-CZ
2012-06-19 18:08:20 ----D---- C:\Windows\system32\CodeIntegrity
2012-06-19 18:08:19 ----D---- C:\Users\Rhonwyn\AppData\Roaming\GHISLER
2012-06-19 18:08:17 ----D---- C:\Windows\system32\wbem
2012-06-19 18:06:14 ----D---- C:\Windows\system32\LogFiles
2012-06-14 22:37:16 ----D---- C:\warez
2012-06-14 03:38:29 ----D---- C:\Windows\Microsoft.NET
2012-06-14 03:29:20 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-06-14 03:29:19 ----D---- C:\Windows\SYSWOW64\migration
2012-06-14 03:29:19 ----D---- C:\Windows\system32\migration
2012-06-14 03:29:19 ----D---- C:\Program Files\Internet Explorer
2012-06-14 03:29:19 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-14 03:11:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-14 03:05:40 ----A---- C:\Windows\system32\MRT.exe
2012-06-13 18:07:39 ----D---- C:\Windows\system32\Setup
2012-06-13 18:07:16 ----D---- C:\MosaicApp
2012-06-12 09:47:39 ----D---- C:\Windows\system32\wfp
2012-06-12 09:46:41 ----D---- C:\ProgramData\Origin
2012-06-12 09:46:41 ----D---- C:\ProgramData\McAfee Security Scan
2012-06-12 09:46:40 ----D---- C:\Windows\registration
2012-06-12 09:46:19 ----SD---- C:\ProgramData\Microsoft
2012-06-11 10:01:01 ----D---- C:\Users\Rhonwyn\AppData\Roaming\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 203888]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-12 283200]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2011-11-22 78208]
R2 aksfridge;Sentinel Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2011-11-22 139592]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2011-09-28 321536]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-08 9884672]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-08 307712]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-03-07 40832]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-03-07 65280]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-07-05 25640]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-11 2739176]
R3 KMWDFILTERV1;HIDUASServiceDesc; C:\Windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 24576]
R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
R3 vhidmini;VJoy Virtual Joystick; C:\Windows\system32\DRIVERS\vjoy.sys [2012-06-02 14976]
S3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2009-03-13 53760]
S3 akshhl;SafeNet Inc. Sentinel HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2011-09-08 57088]
S3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2011-08-09 21120]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2012-02-27 30528]
S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368]
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver64.sys []
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-19 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-19 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-19 33792]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-08 204288]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 DES2 Service;DES2 Service for Energy Saving.; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R2 hasplms;Sentinel Local License Manager; C:\Windows\system32\hasplms.exe [2011-12-30 4889032]
R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1; C:\Program Files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-07-05 76888]
R2 SCBackService;Splashtop Connect Service; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 Smart TimeLock;Smart TimeLock Service; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service; C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
R2 WinVNC4;VNC Server Version 4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-06-19 529232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-03 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Log je OK, jen se mi nelibi, ze vam bezi MBAM a SAS. Zbytecne zerou pamet a navic muze dochazet ke konfliktum s MSE.

Co se tyka toho disku.
Pokud bude ten vadny sektor i po uplnem formatu, tak je to urcite na reklamaci, jestli je jeste v zaruce.

Ajeje, tak jsem to dneska rano zapla, defragmentace uspesne ukoncena. Restart, jdu si na youtube a ta dve okna mi tam zase vyskocila.

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Dobry vecer,
po dokonceni combofixu a restartu pocitace neslo nic zapnout, psalo to neco o neplatnem registru klice, po druhem restartu uz to vypada ok.


ComboFix 12-07-06.01 - Rhonwyn 06.07.2012 18:26:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.4828 [GMT 2:00]
Spuštěný z: c:\users\Rhonwyn\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.dat
c:\users\Rhonwyn\AppData\Roaming\Microsoft\Windows\Recent\Worms Reloaded.url
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-06 do 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 16:31 . 2012-07-06 16:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 08:04 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF93820C-DCB7-4893-8D65-3EDC9D7683A4}\mpengine.dll
2012-07-06 01:00 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-05 21:35 . 2012-07-05 21:35 -------- d-----w- c:\program files\Defraggler
2012-07-05 21:25 . 2012-07-05 21:25 -------- d-----w- C:\rsit
2012-07-05 17:54 . 2012-07-05 17:54 -------- d-----w- c:\programdata\ATI
2012-07-05 17:53 . 2012-07-05 17:53 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-05 17:50 . 2012-07-05 17:50 -------- d-----w- C:\ATI
2012-07-05 17:45 . 2012-07-05 17:45 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-07-05 17:32 . 2012-07-05 17:54 -------- d-----w- c:\programdata\EA Logs
2012-07-05 11:44 . 2012-07-05 11:44 -------- d-----w- c:\program files (x86)\HD Tune
2012-07-05 11:37 . 2012-07-05 11:37 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-07-05 08:29 . 2012-07-05 10:56 512 ----a-w- C:\PhysicalMBR.bin
2012-07-05 07:26 . 2012-07-05 21:25 -------- d-----w- c:\program files\trend micro
2012-07-05 07:15 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 06:41 . 2012-07-04 06:41 -------- d-----w- c:\program files\CCleaner
2012-07-04 06:27 . 2012-07-04 06:27 -------- d-----w- c:\users\Rhonwyn\AppData\Roaming\SUPERAntiSpyware.com
2012-07-04 06:27 . 2012-07-04 06:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-04 06:27 . 2012-07-04 06:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-04 05:28 . 2012-07-04 05:28 -------- d-----w- c:\users\Rhonwyn\AppData\Roaming\Malwarebytes
2012-07-04 05:28 . 2012-07-04 05:28 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 05:28 . 2012-07-04 05:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 05:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 05:20 . 2012-07-02 18:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 05:20 . 2012-07-02 18:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41E6F85B-8982-4FFC-802C-38946B95DF84}\gapaengine.dll
2012-07-02 18:39 . 2012-07-02 18:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-30 11:18 . 2012-06-30 11:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D22592D1-6A61-4532-8884-4399D1FA1F69}\offreg.dll
2012-06-30 11:01 . 2012-06-30 11:01 -------- d-----w- c:\program files (x86)\VJoy
2012-06-30 11:01 . 2012-06-02 08:37 14976 ----a-w- c:\windows\system32\drivers\vjoy.sys
2012-06-30 10:50 . 2012-06-30 10:50 40928 ----a-w- c:\windows\system32\drivers\VSPE.sys
2012-06-30 10:40 . 2012-06-30 10:40 250 ----a-w- C:\user.js
2012-06-30 10:39 . 2012-07-06 08:18 -------- d-----w- c:\program files (x86)\BrowserCompanion
2012-06-29 06:12 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D22592D1-6A61-4532-8884-4399D1FA1F69}\mpengine.dll
2012-06-22 19:59 . 2012-06-22 19:59 -------- d-----w- c:\users\Rhonwyn\AppData\Local\Downloaded Installations
2012-06-20 14:02 . 2012-06-20 14:02 -------- d-----w- c:\program files\iPod
2012-06-20 14:02 . 2012-06-20 14:02 -------- d-----w- c:\program files\iTunes
2012-06-20 14:02 . 2012-06-20 14:02 -------- d-----w- c:\program files (x86)\iTunes
2012-06-19 20:49 . 2012-06-19 20:49 -------- d-----w- c:\users\Rhonwyn\AppData\Local\Macromedia
2012-06-19 04:21 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 04:21 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 04:21 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 04:21 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 04:21 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 04:21 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 04:21 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 04:21 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 04:21 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 16:08 . 2012-06-13 16:08 -------- d-----w- c:\program files (x86)\TeamViewer
2012-06-13 16:07 . 2011-05-13 09:19 198088 ----a-w- c:\windows\SysWow64\hlvdd.dll
2012-06-12 07:53 . 2012-06-19 04:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-11 08:00 . 2012-06-11 08:00 -------- d-----w- c:\users\Rhonwyn\AppData\Local\Mozilla
2012-06-11 07:56 . 2012-07-02 18:39 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-11 07:55 . 2012-06-11 07:56 -------- d-----w- C:\bb3101f1d1cc1083cadb8bbb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 16:33 . 2012-02-01 17:35 25640 ----a-w- c:\windows\gdrv.sys
2012-07-06 09:16 . 2012-04-19 20:22 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-06 09:16 . 2012-04-04 10:24 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-06 09:15 . 2012-04-04 10:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-05 17:58 . 2012-04-04 10:24 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-23 09:25 . 2012-03-30 12:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:25 . 2012-02-01 18:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-29 08:02 . 2012-05-29 08:02 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-12 14:58 . 2012-05-12 14:58 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-01 16:46 . 2009-08-18 10:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-30 13:05 . 2012-04-30 13:05 53248 ----a-r- c:\users\Rhonwyn\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-21 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-01 1242448]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-06-30 3407496]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"trustGTX14"="c:\program files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
.
c:\users\Rhonwyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-4-26 0]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-02-27 30528]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-02 1255736]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-12 283200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 204288]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 9884672]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 307712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 24576]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Rhonwyn\AppData\Roaming\Mozilla\Firefox\Profiles\xk3embay.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112060&tt=280612_5_&babsrc=KW_ss&mntrId=ecc6f0cb0000000000001c6f65d964fc&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
.
**************************************************************************
.
Celkový čas: 2012-07-06 18:37:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-06 16:37
.
Před spuštěním: Volných bajtů: 548 202 201 088
Po spuštění: Volných bajtů: 548 102 242 304
.
- - End Of File - - CF2CA8E083938C1AAAB8C3C72971D37F

Jeste docistime.


Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni a ukoncete vsechny spustene programy
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Ano udelam to, asi se mi nevypl ten windows essencial antivirus, chtelo to po me, snazila jsem se vypnout, nijak jsem neprisla na to jak, tak jsem to jen zabila v procesech,ale evidentne to nestacilo. Zadne tlacitko na vypnuti jsem v essencials nenasla. Byl to nejaky problem?

To nevim, z vypisu nepoznam, jestli antivir CF nejak omezoval, nebo ne. Samozrejme se doporucuje vypnout ho, at muze CF v klidu mazat a nemusi bojovat jeste s antivirem

ComboFix 12-07-06.01 - Rhonwyn 06.07.2012 20:18:57.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.5868 [GMT 2:00]
Spuštěný z: c:\users\Rhonwyn\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Rhonwyn\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-06 do 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 18:25 . 2012-07-06 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 08:04 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF93820C-DCB7-4893-8D65-3EDC9D7683A4}\mpengine.dll
2012-07-06 01:00 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-05 21:35 . 2012-07-05 21:35 -------- d-----w- c:\program files\Defraggler
2012-07-05 21:25 . 2012-07-05 21:25 -------- d-----w- C:\rsit
2012-07-05 17:54 . 2012-07-05 17:54 -------- d-----w- c:\programdata\ATI
2012-07-05 17:53 . 2012-07-05 17:53 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-05 17:50 . 2012-07-05 17:50 -------- d-----w- C:\ATI
2012-07-05 17:45 . 2012-07-05 17:45 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-07-05 17:32 . 2012-07-05 17:54 -------- d-----w- c:\programdata\EA Logs
2012-07-05 11:44 . 2012-07-05 11:44 -------- d-----w- c:\program files (x86)\HD Tune
2012-07-05 11:37 . 2012-07-05 11:37 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-07-05 08:29 . 2012-07-05 10:56 512 ----a-w- C:\PhysicalMBR.bin
2012-07-05 07:26 . 2012-07-05 21:25 -------- d-----w- c:\program files\trend micro
2012-07-05 07:15 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 06:41 . 2012-07-04 06:41 -------- d-----w- c:\program files\CCleaner
2012-07-04 06:27 . 2012-07-04 06:27 -------- d-----w- c:\users\Rhonwyn\AppData\Roaming\SUPERAntiSpyware.com
2012-07-04 06:27 . 2012-07-04 06:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-04 06:27 . 2012-07-04 06:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-04 05:28 . 2012-07-04 05:28 -------- d-----w- c:\users\Rhonwyn\AppData\Roaming\Malwarebytes
2012-07-04 05:28 . 2012-07-04 05:28 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 05:28 . 2012-07-04 05:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 05:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 05:20 . 2012-07-02 18:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 05:20 . 2012-07-02 18:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41E6F85B-8982-4FFC-802C-38946B95DF84}\gapaengine.dll
2012-07-02 18:39 . 2012-07-02 18:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-30 11:18 . 2012-06-30 11:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D22592D1-6A61-4532-8884-4399D1FA1F69}\offreg.dll
2012-06-30 11:01 . 2012-06-30 11:01 -------- d-----w- c:\program files (x86)\VJoy
2012-06-30 11:01 . 2012-06-02 08:37 14976 ----a-w- c:\windows\system32\drivers\vjoy.sys
2012-06-30 10:50 . 2012-06-30 10:50 40928 ----a-w- c:\windows\system32\drivers\VSPE.sys
2012-06-30 10:40 . 2012-06-30 10:40 250 ----a-w- C:\user.js
2012-06-30 10:39 . 2012-07-06 08:18 -------- d-----w- c:\program files (x86)\BrowserCompanion
2012-06-29 06:12 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D22592D1-6A61-4532-8884-4399D1FA1F69}\mpengine.dll
2012-06-22 19:59 . 2012-06-22 19:59 -------- d-----w- c:\users\Rhonwyn\AppData\Local\Downloaded Installations
2012-06-20 14:02 . 2012-06-20 14:02 -------- d-----w- c:\program files\iPod
2012-06-20 14:02 . 2012-06-20 14:02 -------- d-----w- c:\program files\iTunes
2012-06-20 14:02 . 2012-06-20 14:02 -------- d-----w- c:\program files (x86)\iTunes
2012-06-19 20:49 . 2012-06-19 20:49 -------- d-----w- c:\users\Rhonwyn\AppData\Local\Macromedia
2012-06-19 04:21 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 04:21 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 04:21 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 04:21 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 04:21 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 04:21 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 04:21 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 04:21 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 04:21 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 16:08 . 2012-06-13 16:08 -------- d-----w- c:\program files (x86)\TeamViewer
2012-06-13 16:07 . 2011-05-13 09:19 198088 ----a-w- c:\windows\SysWow64\hlvdd.dll
2012-06-12 07:53 . 2012-06-19 04:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-11 08:00 . 2012-06-11 08:00 -------- d-----w- c:\users\Rhonwyn\AppData\Local\Mozilla
2012-06-11 07:56 . 2012-07-02 18:39 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-11 07:55 . 2012-06-11 07:56 -------- d-----w- C:\bb3101f1d1cc1083cadb8bbb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 18:27 . 2012-02-01 17:35 25640 ----a-w- c:\windows\gdrv.sys
2012-07-06 17:48 . 2012-04-19 20:22 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-06 17:48 . 2012-04-04 10:24 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-06 17:48 . 2012-04-04 10:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-05 17:58 . 2012-04-04 10:24 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-23 09:25 . 2012-03-30 12:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:25 . 2012-02-01 18:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-29 08:02 . 2012-05-29 08:02 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-12 14:58 . 2012-05-12 14:58 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-01 16:46 . 2009-08-18 10:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-30 13:05 . 2012-04-30 13:05 53248 ----a-r- c:\users\Rhonwyn\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-06_16.33.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-06 16:44 51032 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-06 16:44 32792 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-07-06 16:40 92960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-01 17:20 . 2012-07-06 16:44 9520 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1620382264-2599900636-2280877764-1000_UserData.bin
+ 2012-07-06 18:26 . 2012-07-06 18:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-06 16:33 . 2012-07-06 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-06 18:26 . 2012-07-06 18:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-01 17:34 . 2012-07-06 16:31 771232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-01 17:34 . 2012-07-06 18:25 771232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-07-06 16:31 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-06 18:25 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-02 21:36 . 2012-07-06 18:25 13045060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1620382264-2599900636-2280877764-1000-8192.dat
- 2012-02-02 21:36 . 2012-07-06 16:31 13045060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1620382264-2599900636-2280877764-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-01 1242448]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-06-30 3407496]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"trustGTX14"="c:\program files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\Rhonwyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-4-26 0]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-02-27 30528]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-02 1255736]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-12 283200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 204288]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 9884672]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 307712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 24576]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rhonwyn\AppData\Roaming\Mozilla\Firefox\Profiles\xk3embay.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
.
**************************************************************************
.
Celkový čas: 2012-07-06 20:30:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-06 18:30
ComboFix2.txt 2012-07-06 16:37
.
Před spuštěním: Volných bajtů: 548 367 314 944
Po spuštění: Volných bajtů: 548 279 459 840
.
- - End Of File - - AB0AB8C76A163C5D17A68F66883F0EB3

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

Co pocitac, stale zlobi?

Zatim to jde ok, ale nemuzu dnes moc byt na pc, otestuji zitra. Spis me ale porad obtezuje jakysi Babylon toolbar, mam ho tam uz asi pres tyden, a nevim co to je a kde se to tam vzalo. Zapnu prohlizec a misto googlu nebo domovske stranky mi tam vyskoci babylon vyhledavac. Moc se mi to nezda. Prominte ze porad obtezuji.

Babylon je pekny previt, tezko se ho zbavuje, ale zkusime ho najit, parchanta. A nebojte, neobtezujete. Vzdyt kvuli tomu tu jsme

Stahnete SystemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte ho na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do okna zkopirujte tento skript kliknete na Look a chvili pockejte
Mel by na vas vyskocit log s nazvem Systemlook
Ten mi sem zkopirujte

Diky, a jeste mi tam v tom babylon vyhledavaci vyskakuje tabulka s tim ze byl nainstalovan jakysi Browser companion helper, take netusim co to je.

SystemLook 30.07.11 by jpshortstuff
Log created at 23:06 on 06/07/2012 by Rhonwyn
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*babylon*"
No files found.

========== regfind ==========

Searching for "babylon"
[HKEY_CURRENT_USER\Software\BabylonToolbar]
[HKEY_CURRENT_USER\Software\BabylonToolbar\BabylonToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar\BabylonToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar\BabylonToolbar]
"HP_URL"="http://search.babylon.com/?affID=112060 ... 6f65d964fc"
[HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar\BabylonToolbar]
"SP_NAME"="Search the web (Babylon)"
[HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar\BabylonToolbar]
"SP_URL"="http://search.babylon.com/?q={searchTer ... 6f65d964fc"
[HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar\BabylonToolbar]
"TB_URL"="http://search.babylon.com/?q={searchTer ... 6f65d964fc"
[HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar\BabylonToolbar]
"NT_URL"="http://search.babylon.com/?affID=112060 ... 6f65d964fc"
[HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar\BabylonToolbar\Instl]
"InstallDir"="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}]
"AppName"="BabylonToolbarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}]
"AppPath"="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\instl\data]
"prtnrId"="BabylonToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc\CurVer]
@="esrv.BabylonESrvc.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\1.0\0\win32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\1.0\HELPDIR]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\1.0\0\win32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\1.0\HELPDIR]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\0\win32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\HELPDIR]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\instl\data]
"prtnrId"="BabylonToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\1.0\0\win32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\1.0\HELPDIR]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\1.0\0\win32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\1.0\HELPDIR]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\0\win32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\HELPDIR]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17"
[HKEY_USERS\S-1-5-21-1620382264-2599900636-2280877764-1000\Software\BabylonToolbar]
[HKEY_USERS\S-1-5-21-1620382264-2599900636-2280877764-1000\Software\BabylonToolbar\BabylonToolbar]

========== folderfind ==========

Searching for "*babylon*"
No folders found.

-= EOF =-

Tak to zkusime nejdrive takto

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe a ulozte nejlepe na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands) Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)