VIRY.CZ

ComboFix 11-05-17.03 - Luda 19.05.2011 2:43.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.640 [GMT 2:00]
Spuštěný z: c:\users\Luda\Downloads\foxxxxxxxxx\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-19 do 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 00:35 . 2011-05-19 00:35 -------- d-----w- C:\rsit
2011-05-19 00:35 . 2011-05-19 00:35 -------- d-----w- c:\program files\trend micro
2011-05-19 00:24 . 2011-05-19 00:24 -------- d-----w- c:\program files (x86)\Google
2011-05-18 23:17 . 2011-01-08 03:27 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-18 23:13 . 2011-01-08 03:27 12961640 ----a-w- c:\windows\system32\nvlddmkm.sys
2011-05-18 11:28 . 2011-05-18 11:28 -------- d-----w- c:\users\Luda\AppData\Roaming\Malwarebytes
2011-05-18 11:28 . 2011-05-18 11:28 -------- d-----w- c:\programdata\Malwarebytes
2011-05-18 11:28 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-18 11:28 . 2011-05-18 11:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-18 11:28 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 10:15 . 2011-05-18 10:15 -------- d-----w- c:\users\Luda\AppData\Local\The Witcher 2
2011-05-18 09:57 . 2011-05-18 09:57 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-18 09:39 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2636D1D-BDBF-41D9-B5E9-4B92FC73864C}\mpengine.dll
2011-05-17 08:42 . 2011-05-17 08:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-15 01:13 . 2011-05-15 01:13 -------- d-----w- c:\users\Luda\AppData\Roaming\HPAppData
2011-05-14 16:58 . 2011-05-14 16:58 -------- d-----w- c:\users\Tatka\AppData\Roaming\DAEMON Tools Pro
2011-05-14 12:01 . 2011-05-18 09:57 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2011-05-14 12:00 . 2011-05-14 12:10 -------- d-----w- c:\users\Luda\AppData\Roaming\DAEMON Tools Pro
2011-05-14 12:00 . 2011-05-14 12:01 -------- d-----w- c:\programdata\DAEMON Tools Pro
2011-05-13 13:56 . 2011-05-13 18:21 -------- d-----w- c:\users\Luda\AppData\Local\PMB Files
2011-05-13 13:56 . 2011-05-13 13:57 -------- d-----w- c:\programdata\PMB Files
2011-05-13 13:56 . 2011-05-13 13:56 -------- d-----w- c:\program files (x86)\Pando Networks
2011-05-11 21:04 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 21:04 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 21:04 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 21:04 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 21:04 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 21:04 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 21:04 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 21:04 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 21:04 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 21:04 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 14:06 . 2011-05-18 23:47 -------- d-----w- c:\programdata\NVIDIA
2011-05-10 14:04 . 2011-05-10 14:04 -------- d-----w- C:\NVIDIA
2011-05-10 14:02 . 2011-05-10 14:02 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-09 19:24 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2011-05-09 19:24 . 2011-05-09 19:24 -------- d-----w- c:\program files\CPUID
2011-05-05 12:04 . 2011-05-05 12:04 -------- d-----w- c:\program files (x86)\Geeks3D
2011-04-28 08:22 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-04-28 08:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-28 08:22 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 08:22 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-19 08:52 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 20:23 . 2011-04-18 20:23 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A37282D7-72E5-4DE4-8570-685BC69462EB}\gapaengine.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-03-19 00:52 . 2011-02-13 00:16 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-19 00:52 . 2011-02-13 00:16 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-03-15 05:17 . 2011-04-16 00:19 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F34F95F8-F278-445C-AD4A-14127BCB2E86}\mpengine.dll
2011-03-11 06:19 . 2011-04-15 18:42 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-15 18:42 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 18:42 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 18:42 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:14 . 2011-04-15 18:42 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 18:42 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-28 08:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 08:22 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-15 18:42 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-15 18:42 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-15 18:42 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-15 18:42 3133440 ----a-w- c:\windows\system32\win32k.sys
2011-03-01 13:32 . 2011-03-01 13:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-24 06:30 . 2011-04-15 18:42 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 06:29 . 2011-04-15 18:42 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 06:24 . 2011-04-15 18:42 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 05:32 . 2011-04-15 18:42 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-15 18:42 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-02-24 05:30 . 2011-04-15 18:42 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05 . 2011-04-15 18:42 482816 ----a-w- c:\windows\system32\html.iec
2011-02-24 04:24 . 2011-04-15 18:42 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-24 04:23 . 2011-04-15 18:42 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-02-24 03:50 . 2011-04-15 18:42 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16 . 2011-04-15 18:42 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:16 . 2011-04-15 18:42 401920 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:15 . 2011-04-15 18:42 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:15 . 2011-04-15 18:42 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:15 . 2011-04-15 18:42 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:15 . 2011-04-15 18:42 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:15 . 2011-04-15 18:42 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 06:37 . 2011-03-09 16:13 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 16:13 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 16:13 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:36 . 2011-04-15 18:42 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 05:32 . 2011-03-09 16:13 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 16:13 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 05:32 . 2011-04-15 18:42 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:13 . 2011-04-15 18:42 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 03:37 . 2011-04-15 18:42 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-18 06:37 . 2011-04-15 18:42 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 05:36 . 2011-04-15 18:42 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\users\Luda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-10-24 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 136176]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\program files\BioWare\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 eustub;Usb Stub (Eltima software);c:\windows\system32\DRIVERS\eusbstub.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 bdcvnjjikadyis;bdcvnjjikadyis;c:\windows\SysWOW64\ycpfzpq.exe [2009-04-04 77907]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 00:24]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 00:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {557114CA-B950-4C17-8D50-E0D96637BA6B} = 81.25.16.250,81.25.28.250
FF - ProfilePath - c:\users\Luda\AppData\Roaming\Mozilla\Firefox\Profiles\8phfano0.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-19 02:49:01
ComboFix-quarantined-files.txt 2011-05-19 00:49
.
Před spuštěním: 4 607 369 216
Po spuštění: 4 488 036 352
.
- - End Of File - - A68FC01D92254C3C7C50B05E9389C5D3

Zdravím, pouštět si jen tak sám od sebe ComboFix není zrovna moudré.

No nic už se stalo a budeme mazat.


Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

dík za pomoc...obcas mám modré smrti


ComboFix 11-05-17.03 - Luda 19.05.2011 12:07:08.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.1136 [GMT 2:00]
Spuštěný z: c:\users\Luda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Luda\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-19 do 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 10:12 . 2011-05-19 10:12 -------- d-----w- c:\users\Tatka\AppData\Local\temp
2011-05-19 10:12 . 2011-05-19 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-19 00:55 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{673451B1-9C44-4007-B0BB-B5E422AA7E65}\mpengine.dll
2011-05-19 00:35 . 2011-05-19 00:35 -------- d-----w- C:\rsit
2011-05-19 00:35 . 2011-05-19 00:35 -------- d-----w- c:\program files\trend micro
2011-05-19 00:24 . 2011-05-19 01:29 -------- d-----w- c:\program files (x86)\Google
2011-05-18 23:17 . 2011-01-08 03:27 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-18 23:13 . 2011-01-08 03:27 12961640 ----a-w- c:\windows\system32\nvlddmkm.sys
2011-05-18 11:28 . 2011-05-18 11:28 -------- d-----w- c:\users\Luda\AppData\Roaming\Malwarebytes
2011-05-18 11:28 . 2011-05-18 11:28 -------- d-----w- c:\programdata\Malwarebytes
2011-05-18 11:28 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-18 11:28 . 2011-05-18 11:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-18 11:28 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 10:15 . 2011-05-18 10:15 -------- d-----w- c:\users\Luda\AppData\Local\The Witcher 2
2011-05-18 09:57 . 2011-05-18 09:57 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-17 08:42 . 2011-05-17 08:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-14 16:58 . 2011-05-14 16:58 -------- d-----w- c:\users\Tatka\AppData\Roaming\DAEMON Tools Pro
2011-05-14 12:01 . 2011-05-18 09:57 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2011-05-14 12:00 . 2011-05-14 12:10 -------- d-----w- c:\users\Luda\AppData\Roaming\DAEMON Tools Pro
2011-05-14 12:00 . 2011-05-14 12:01 -------- d-----w- c:\programdata\DAEMON Tools Pro
2011-05-13 13:56 . 2011-05-13 18:21 -------- d-----w- c:\users\Luda\AppData\Local\PMB Files
2011-05-13 13:56 . 2011-05-13 13:57 -------- d-----w- c:\programdata\PMB Files
2011-05-13 13:56 . 2011-05-13 13:56 -------- d-----w- c:\program files (x86)\Pando Networks
2011-05-11 21:04 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 21:04 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 21:04 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 21:04 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 21:04 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 21:04 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 21:04 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 21:04 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 21:04 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 21:04 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 14:06 . 2011-05-19 09:12 -------- d-----w- c:\programdata\NVIDIA
2011-05-10 14:04 . 2011-05-10 14:04 -------- d-----w- C:\NVIDIA
2011-05-10 14:02 . 2011-05-10 14:02 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-09 19:24 . 2011-05-09 19:24 -------- d-----w- c:\program files\CPUID
2011-04-28 08:22 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-04-28 08:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-28 08:22 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 08:22 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-03-19 00:52 . 2011-02-13 00:16 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-19 00:52 . 2011-02-13 00:16 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-03-11 06:19 . 2011-04-15 18:42 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-15 18:42 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 18:42 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 18:42 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:14 . 2011-04-15 18:42 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 18:42 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-28 08:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 08:22 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-15 18:42 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-15 18:42 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-15 18:42 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-15 18:42 3133440 ----a-w- c:\windows\system32\win32k.sys
2011-03-01 13:32 . 2011-03-01 13:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-24 06:30 . 2011-04-15 18:42 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 06:29 . 2011-04-15 18:42 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 06:24 . 2011-04-15 18:42 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 05:32 . 2011-04-15 18:42 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-15 18:42 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-02-24 05:30 . 2011-04-15 18:42 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05 . 2011-04-15 18:42 482816 ----a-w- c:\windows\system32\html.iec
2011-02-24 04:24 . 2011-04-15 18:42 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-24 04:23 . 2011-04-15 18:42 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-02-24 03:50 . 2011-04-15 18:42 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16 . 2011-04-15 18:42 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:16 . 2011-04-15 18:42 401920 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:15 . 2011-04-15 18:42 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:15 . 2011-04-15 18:42 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:15 . 2011-04-15 18:42 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:15 . 2011-04-15 18:42 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:15 . 2011-04-15 18:42 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 06:37 . 2011-03-09 16:13 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 16:13 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 16:13 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:36 . 2011-04-15 18:42 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 05:32 . 2011-03-09 16:13 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 16:13 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 05:32 . 2011-04-15 18:42 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:13 . 2011-04-15 18:42 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 03:37 . 2011-04-15 18:42 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-19_00.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-08 17:03 . 2011-05-19 01:20 37684 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-19 09:13 32062 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-08 16:47 . 2011-05-19 09:13 20592 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1824940467-159789219-1926525023-1000_UserData.bin
+ 2010-11-01 20:56 . 2011-05-19 09:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-01 20:56 . 2011-05-18 23:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-01 20:56 . 2011-05-18 23:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-01 20:56 . 2011-05-19 09:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-01 20:56 . 2011-05-19 09:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-01 20:56 . 2011-05-18 23:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-08 17:08 . 2011-05-19 10:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-08 17:08 . 2011-05-19 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-08 17:08 . 2011-05-19 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-08 17:08 . 2011-05-19 10:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-03 23:18 . 2009-12-03 23:18 9849 c:\windows\SysWOW64\mswanpore.dll
+ 2010-08-31 07:42 . 2010-08-31 07:42 9849 c:\windows\SysWOW64\mswanpore.dll
+ 2011-05-19 01:19 . 2011-05-19 09:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-18 23:47 . 2011-05-18 23:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-18 23:47 . 2011-05-18 23:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-19 01:19 . 2011-05-19 09:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-05-19 00:55 652104 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-05-19 00:55 666360 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-05-19 00:55 121036 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2011-05-19 00:55 140056 c:\windows\system32\perfc005.dat
- 2010-10-08 16:51 . 2010-10-19 20:51 270720 c:\windows\system32\MpSigStub.exe
+ 2010-10-08 16:51 . 2011-02-02 16:11 270720 c:\windows\system32\MpSigStub.exe
- 2009-07-14 05:01 . 2011-05-18 23:19 471892 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-19 01:18 471892 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-05-19 01:32 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-05-18 23:15 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-21 17:16 . 2011-05-19 01:18 23212844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1824940467-159789219-1926525023-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\users\Luda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-10-24 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\program files\BioWare\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 eustub;Usb Stub (Eltima software);c:\windows\system32\DRIVERS\eusbstub.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 bdcvnjjikadyis;bdcvnjjikadyis;c:\windows\SysWOW64\ycpfzpq.exe [2009-04-04 77907]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {557114CA-B950-4C17-8D50-E0D96637BA6B} = 81.25.16.250,81.25.28.250
FF - ProfilePath - c:\users\Luda\AppData\Roaming\Mozilla\Firefox\Profiles\8phfano0.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-05-19 12:14:28
ComboFix-quarantined-files.txt 2011-05-19 10:14
ComboFix2.txt 2011-05-19 00:49
.
Před spuštěním: Volných bajtů: 32 950 988 800
Po spuštění: Volných bajtů: 33 034 584 064
.
- - End Of File - - EF4DB0CFB90937E2FDA2BFCBF8DE5990

prosim umel by mi nekdo poradit?

Člověče chce to trošku trpělivost, nejsme tady celý den.

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Pak mi sem dej aktuální log.txt z Rsit, kterým jsi měl začít.

jasny..promin...posilam log



Logfile of random's system information tool 1.08 (written by random/random)
Run by Luda at 2011-05-19 23:18:27
Microsoft Windows 7 Ultimate
System drive C: has 31 GB (8%) free of 390 GB
Total RAM: 2047 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:18:32, on 19.5.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Luda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-21-1824940467-159789219-1926525023-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1824940467-159789219-1926525023-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{557114CA-B950-4C17-8D50-E0D96637BA6B}: NameServer = 81.25.16.250,81.25.28.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{557114CA-B950-4C17-8D50-E0D96637BA6B}: NameServer = 81.25.16.250,81.25.28.250
O17 - HKLM\System\CS2\Services\Tcpip\..\{557114CA-B950-4C17-8D50-E0D96637BA6B}: NameServer = 81.25.16.250,81.25.28.250
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: bdcvnjjikadyis - Helper - c:\windows\SysWOW64\ycpfzpq.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Program Files\BioWare\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8262 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
c:\windows\SysWOW64\ycpfzpq.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1868
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-da9ff8f5-5512-4244-b2a6-06a07cfce2b2 -SystemEventPortName:HostProcess-932f9b28-210c-4da9-a140-d7d5b164e40b -IoCancelEventPortName:HostProcess-b204f465-b618-45f0-9cde-136f68f71b17 -NonStateChangingEventPortName:HostProcess-b559f77c-554b-4f6c-be25-baa95a4c1559 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7f6289e8-aeb2-4511-adb8-63678a99f2d7
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe" /TUStart /pid:1780
C:\Windows\Explorer.EXE
"taskhost.exe"
"c:\program files (x86)\wjztjzptgwqg\ycpfzp.exe"
"c:\program files (x86)\wjztjzptgwqg\ycpfzp.exe"
"C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
"C:\Users\Luda\AppData\Local\Apps\2.0\6J6XKPNT.YXW\5YRMXGLE.XY4\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe"
"C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Users\Luda\Downloads\foxxxxxxxxx\RSITx64(1).exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-03-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} -

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2011-03-17 842048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Luda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
C:\Users\Luda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Luda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-05-19 23:07:04 ----D---- C:\Program Files\Futuremark
2011-05-19 22:27:25 ----D---- C:\29c2c33d227c972ccd9e
2011-05-19 21:45:41 ----D---- C:\ProgramData\NVIDIA
2011-05-19 21:45:39 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-05-19 21:44:25 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-05-19 21:44:25 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-05-19 21:44:25 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-05-19 21:44:25 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-05-19 21:44:25 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-05-19 21:44:25 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-05-19 21:44:25 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\OpenCL.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\nvwgf2umx.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\nvoglv64.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\nvgenco642060.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\nvdispco6420140.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\nvcuvid.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\nvcuda.dll
2011-05-19 21:44:25 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-05-19 21:44:24 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-05-19 21:44:24 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-05-19 21:44:24 ----A---- C:\Windows\system32\nvcompiler.dll
2011-05-19 21:44:24 ----A---- C:\Windows\system32\nvapi64.dll
2011-05-19 21:42:38 ----D---- C:\ProgramData\NVIDIA Corporation
2011-05-19 12:19:45 ----SHD---- C:\$RECYCLE.BIN
2011-05-19 12:14:30 ----D---- C:\Windows\temp
2011-05-19 12:14:28 ----A---- C:\ComboFix.txt
2011-05-19 02:42:08 ----D---- C:\Windows\ERDNT
2011-05-19 02:35:00 ----D---- C:\rsit
2011-05-19 02:35:00 ----D---- C:\Program Files\trend micro
2011-05-19 02:24:07 ----D---- C:\Program Files (x86)\Google
2011-05-18 13:28:42 ----D---- C:\Users\Luda\AppData\Roaming\Malwarebytes
2011-05-18 13:28:37 ----D---- C:\ProgramData\Malwarebytes
2011-05-18 13:28:37 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-05-18 13:28:34 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-18 13:28:34 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-05-18 11:57:58 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-05-14 14:01:38 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2011-05-14 14:00:54 ----D---- C:\Users\Luda\AppData\Roaming\DAEMON Tools Pro
2011-05-14 14:00:54 ----D---- C:\ProgramData\DAEMON Tools Pro
2011-05-13 15:56:57 ----D---- C:\ProgramData\PMB Files
2011-05-13 15:56:44 ----D---- C:\Program Files (x86)\Pando Networks
2011-05-11 23:04:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-05-11 23:04:26 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-05-11 23:04:25 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-05-11 23:04:22 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-05-11 23:04:22 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-05-11 23:04:21 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-05-11 23:04:21 ----A---- C:\Windows\system32\drivers\usbohci.sys
2011-05-11 23:04:21 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-05-11 23:04:21 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-05-11 23:04:21 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-05-10 16:04:39 ----D---- C:\NVIDIA
2011-05-09 21:24:12 ----D---- C:\Program Files\CPUID
2011-05-08 22:34:21 ----A---- C:\Windows\vtmb.ini
2011-04-28 10:22:19 ----A---- C:\Windows\explorer.exe
2011-04-28 10:22:18 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-04-28 10:22:15 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-04-28 10:22:15 ----A---- C:\Windows\system32\XpsPrint.dll
2011-04-28 10:21:30 ----A---- C:\Windows\SYSWOW64\esent.dll
2011-04-28 10:21:30 ----A---- C:\Windows\system32\esent.dll
2011-04-28 10:21:30 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-04-28 10:21:30 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-04-28 10:21:30 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-04-28 10:21:30 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-04-28 10:21:29 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2011-04-28 10:21:29 ----A---- C:\Windows\system32\fsutil.exe
2011-04-28 10:21:29 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-04-28 10:21:29 ----A---- C:\Windows\system32\drivers\storport.sys
2011-04-28 10:21:29 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-04-28 10:21:29 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-04-28 10:21:05 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2011-04-28 10:21:05 ----A---- C:\Windows\system32\prevhost.exe
2011-04-26 12:06:05 ----D---- C:\ProgramData\Google
2011-04-25 18:31:56 ----A---- C:\Windows\d3xp.ini
2011-04-25 18:28:29 ----A---- C:\Windows\doom3.ini

======List of files/folders modified in the last 1 months======

2011-05-19 23:18:17 ----D---- C:\Windows
2011-05-19 23:18:09 ----SHD---- C:\System Volume Information
2011-05-19 23:17:46 ----D---- C:\Windows\system32\drivers
2011-05-19 23:07:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-05-19 23:07:34 ----D---- C:\Program Files (x86)\Common Files
2011-05-19 23:07:04 ----SHD---- C:\Windows\Installer
2011-05-19 23:07:04 ----RD---- C:\Program Files
2011-05-19 23:07:03 ----D---- C:\Config.Msi
2011-05-19 23:05:39 ----D---- C:\Windows\Prefetch
2011-05-19 23:05:33 ----AD---- C:\ProgramData\TEMP
2011-05-19 22:38:18 ----D---- C:\Windows\system32\config
2011-05-19 22:33:08 ----D---- C:\Windows\Minidump
2011-05-19 21:48:21 ----D---- C:\Windows\inf
2011-05-19 21:46:26 ----D---- C:\Program Files\NVIDIA Corporation
2011-05-19 21:46:24 ----D---- C:\Windows\system32\DriverStore
2011-05-19 21:46:24 ----D---- C:\Windows\system32\catroot
2011-05-19 21:45:41 ----RD---- C:\Users
2011-05-19 21:45:41 ----D---- C:\ProgramData
2011-05-19 21:45:39 ----RD---- C:\Program Files (x86)
2011-05-19 21:45:24 ----D---- C:\Windows\System32
2011-05-19 21:44:59 ----D---- C:\Windows\SysWOW64
2011-05-19 21:44:51 ----D---- C:\Windows\system32\catroot2
2011-05-19 21:43:51 ----D---- C:\Windows\Help
2011-05-19 12:12:23 ----A---- C:\Windows\system.ini
2011-05-19 12:10:18 ----D---- C:\Windows\SYSWOW64\drivers
2011-05-19 12:10:18 ----D---- C:\Windows\AppPatch
2011-05-19 12:10:16 ----D---- C:\Program Files\Common Files
2011-05-19 03:29:07 ----D---- C:\Windows\system32\Tasks
2011-05-19 03:29:06 ----D---- C:\Windows\Tasks
2011-05-19 02:55:05 ----HD---- C:\Windows\system32\GroupPolicy
2011-05-19 02:25:39 ----D---- C:\Users\Luda\AppData\Roaming\Ventrilo
2011-05-19 02:24:46 ----D---- C:\Program Files\CCleaner
2011-05-19 02:20:14 ----D---- C:\Windows\debug
2011-05-19 02:13:18 ----D---- C:\Windows\system32\drivers\etc
2011-05-18 14:14:18 ----D---- C:\Program Files (x86)\NightSky
2011-05-18 13:50:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-18 12:14:49 ----RSD---- C:\Windows\assembly
2011-05-18 12:00:04 ----D---- C:\Users\Luda\AppData\Roaming\RIFT
2011-05-14 02:59:02 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2011-05-12 20:37:37 ----D---- C:\Users\Luda\AppData\Roaming\TS3Client
2011-05-12 03:22:40 ----D---- C:\Windows\winsxs
2011-05-12 03:03:30 ----D---- C:\ProgramData\Microsoft Help
2011-05-12 03:01:03 ----A---- C:\Windows\system32\MRT.exe
2011-05-10 22:15:13 ----D---- C:\Users\Luda\AppData\Roaming\Mumble
2011-05-06 03:00:25 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-05-04 22:46:43 ----SD---- C:\Users\Luda\AppData\Roaming\Microsoft
2011-05-04 22:46:43 ----SD---- C:\ProgramData\Microsoft
2011-05-03 04:24:52 ----D---- C:\Windows\rescache
2011-04-30 13:04:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-04-28 18:53:20 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-04-28 18:53:20 ----D---- C:\Windows\system32\cs-CZ
2011-04-26 11:06:40 ----D---- C:\ProgramData\Codemasters
2011-04-26 11:05:09 ----D---- C:\Users\Luda\AppData\Roaming\Ubisoft
2011-04-21 18:56:46 ----SHD---- C:\Windows\POL
2011-04-21 16:01:34 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-14 526392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-18 272448]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-10-16 43168]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-10-16 310728]
S3 an828jk9;an828jk9; C:\Windows\system32\drivers\an828jk9.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 eustub;Usb Stub (Eltima software); C:\Windows\System32\DRIVERS\eusbstub.sys [2010-09-29 15944]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\plugins\UI\safedrv.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 108072]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 19496]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 144424]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 125992]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 31272]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 123432]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 130088]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\Sandra.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vuhub;Virtual Usb Hub; C:\Windows\system32\DRIVERS\vuhub.sys [2010-09-29 61512]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 bdcvnjjikadyis;bdcvnjjikadyis; c:\windows\SysWOW64\ycpfzpq.exe [2009-04-04 77907]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-04-07 1012328]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-03-19 75136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; D:\Program Files\BioWare\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-08 1255736]
S4 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Tohle fixni v HJT :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

HJT najdeš zde :

C:\Program Files\trend micro\Luda.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

bdcvnjjikadyis

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:
klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\


P.S. pokračujeme zase zítra, protože už na to nevidím

ketalak píše:http://www.uloz.to/9061507/movedfiles-rar

Co to je ?

Nechci stahovat nějaké zabalené soubory.

Log z OTMove It mi sem normálně nakopíruj.

mam stejny problem, proto postuji sem..diky za pomoc

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lucinka\Desktop\RSIT.exe
C:\Program Files\trend micro\Lucinka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - Invalid registry found
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8516 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-23 397312]
"eRecoveryService"= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Skytel"=C:\Windows\Skytel.exe [2008-04-21 1826816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-09-01 858632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-01-31 703360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-08-07 13543968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-08-07 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
C:\Windows\PLFSetI.exe [2007-10-23 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-04-28 6111232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2011-04-18 15146376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2008-04-21 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-09-05 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
C:\PROGRA~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2011-03-30 399736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Lucinka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-05-20 16:07:28 ----D---- C:\rsit
2011-05-20 16:07:28 ----D---- C:\Program Files\trend micro
2011-05-20 15:56:22 ----D---- C:\Users\Lucinka\AppData\Roaming\BatteryBar
2011-05-20 15:56:21 ----D---- C:\Program Files\BatteryBar
2011-05-19 16:03:00 ----D---- C:\Program Files\GIMP-2.0
2011-05-16 20:53:41 ----D---- C:\Program Files\DVDVideoSoft
2011-05-16 20:53:41 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2011-05-15 21:10:54 ----A---- C:\Windows\system32\lsdelete.exe
2011-05-15 18:03:33 ----ASH---- C:\hiberfil.sys
2011-05-15 17:52:05 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2011-05-15 15:52:39 ----A---- C:\Windows\ntbtlog.txt
2011-05-15 15:33:44 ----HDC---- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-05-15 15:33:14 ----D---- C:\ProgramData\Lavasoft
2011-05-15 15:33:14 ----D---- C:\Program Files\Lavasoft
2011-05-15 15:29:20 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2011-05-15 15:29:18 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2011-05-15 15:29:17 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2011-05-15 15:07:02 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-05-15 14:54:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-05-15 14:51:32 ----D---- C:\Users\Lucinka\AppData\Roaming\GetRightToGo
2011-05-15 14:44:58 ----D---- C:\Windows\pss
2011-05-12 13:32:11 ----D---- C:\ProgramData\Sun
2011-05-12 13:32:10 ----D---- C:\Program Files\Common Files\Java
2011-05-12 13:31:53 ----A---- C:\Windows\system32\javaws.exe
2011-05-12 13:31:53 ----A---- C:\Windows\system32\javaw.exe
2011-05-12 13:31:53 ----A---- C:\Windows\system32\java.exe
2011-05-12 13:31:53 ----A---- C:\Windows\system32\deployJava1.dll
2011-05-12 13:27:37 ----D---- C:\Users\Lucinka\AppData\Roaming\HpUpdate
2011-05-12 13:27:34 ----D---- C:\Windows\Hewlett-Packard
2011-05-12 13:26:17 ----D---- C:\ProgramData\Skype Extras
2011-05-12 13:26:06 ----D---- C:\Program Files\Common Files\Skype
2011-05-08 13:45:44 ----D---- C:\Program Files\ICQ7.5
2011-05-03 21:09:06 ----D---- C:\Program Files\Zrychleni Pocitace
2011-05-03 21:08:31 ----D---- C:\Users\Lucinka\AppData\Roaming\OpenCandy
2011-05-03 21:08:11 ----D---- C:\Program Files\DsNET Corp
2011-05-02 14:23:24 ----A---- C:\Windows\system32\wininet.dll
2011-05-02 14:23:24 ----A---- C:\Windows\system32\msls31.dll
2011-05-02 14:23:24 ----A---- C:\Windows\system32\jsproxy.dll
2011-05-02 14:23:23 ----A---- C:\Windows\system32\urlmon.dll
2011-05-02 14:23:23 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-05-02 14:23:23 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-05-02 14:23:23 ----A---- C:\Windows\system32\msrating.dll
2011-05-02 14:23:23 ----A---- C:\Windows\system32\mshtmler.dll
2011-05-02 14:23:23 ----A---- C:\Windows\system32\ieui.dll
2011-05-02 14:23:23 ----A---- C:\Windows\system32\iesysprep.dll
2011-05-02 14:23:23 ----A---- C:\Windows\system32\iertutil.dll
2011-05-02 14:23:23 ----A---- C:\Windows\system32\ieframe.dll
2011-05-02 14:23:22 ----A---- C:\Windows\system32\url.dll
2011-05-02 14:23:22 ----A---- C:\Windows\system32\iesetup.dll
2011-05-02 14:23:22 ----A---- C:\Windows\system32\iernonce.dll
2011-05-02 14:23:22 ----A---- C:\Windows\system32\iedkcs32.dll
2011-05-02 14:23:22 ----A---- C:\Windows\system32\ieapfltr.dll
2011-05-02 14:23:22 ----A---- C:\Windows\system32\ie4uinit.exe
2011-05-02 14:23:22 ----A---- C:\Windows\system32\icardie.dll
2011-05-02 14:23:22 ----A---- C:\Windows\system32\dxtrans.dll
2011-05-02 14:23:22 ----A---- C:\Windows\system32\dxtmsft.dll
2011-05-02 14:23:21 ----A---- C:\Windows\system32\wextract.exe
2011-05-02 14:23:21 ----A---- C:\Windows\system32\webcheck.dll
2011-05-02 14:23:21 ----A---- C:\Windows\system32\vbscript.dll
2011-05-02 14:23:21 ----A---- C:\Windows\system32\mshtmled.dll
2011-05-02 14:23:21 ----A---- C:\Windows\system32\msfeeds.dll
2011-05-02 14:23:21 ----A---- C:\Windows\system32\licmgr10.dll
2011-05-02 14:23:21 ----A---- C:\Windows\system32\inseng.dll
2011-05-02 14:23:21 ----A---- C:\Windows\system32\iexpress.exe
2011-05-02 14:23:20 ----A---- C:\Windows\system32\pngfilt.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\occache.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\mshtml.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\mshta.exe
2011-05-02 14:23:20 ----A---- C:\Windows\system32\jscript9.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\jscript.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\imgutil.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\ieUnatt.exe
2011-05-02 14:23:20 ----A---- C:\Windows\system32\iepeers.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\ieakui.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\ieaksie.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\advpack.dll
2011-05-02 14:23:20 ----A---- C:\Windows\system32\admparse.dll
2011-05-02 14:23:19 ----A---- C:\Windows\system32\msfeedssync.exe
2011-05-02 14:23:19 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-05-02 14:23:19 ----A---- C:\Windows\system32\ieakeng.dll
2011-05-02 14:23:19 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-04-27 16:15:03 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-04-27 16:15:03 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-04-27 16:15:00 ----A---- C:\Windows\system32\XpsPrint.dll

======List of files/folders modified in the last 1 months======

2011-05-20 16:28:46 ----D---- C:\Windows\Temp
2011-05-20 16:24:24 ----D---- C:\Windows\Tasks
2011-05-20 16:07:28 ----RD---- C:\Program Files
2011-05-20 16:01:55 ----D---- C:\Windows\system32\Tasks
2011-05-20 15:17:00 ----D---- C:\Windows\system32\catroot2
2011-05-20 15:16:58 ----SHD---- C:\System Volume Information
2011-05-20 14:03:38 ----D---- C:\Program Files\Opera
2011-05-20 02:54:32 ----D---- C:\Users\Lucinka\AppData\Roaming\ICQ
2011-05-20 02:53:04 ----D---- C:\Windows\System32
2011-05-20 02:53:04 ----D---- C:\Windows\inf
2011-05-20 02:53:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-20 02:51:47 ----D---- C:\Windows\Prefetch
2011-05-19 19:09:11 ----D---- C:\Users\Lucinka\AppData\Roaming\gtk-2.0
2011-05-18 14:30:08 ----D---- C:\Users\Lucinka\AppData\Roaming\vlc
2011-05-17 16:29:12 ----SHD---- C:\Windows\Installer
2011-05-17 16:29:11 ----HD---- C:\Config.Msi
2011-05-17 11:33:55 ----D---- C:\Windows
2011-05-16 20:53:41 ----D---- C:\Program Files\Common Files
2011-05-15 22:09:52 ----D---- C:\Windows\Minidump
2011-05-15 17:52:05 ----D---- C:\Windows\system32\drivers
2011-05-15 16:03:52 ----D---- C:\Windows\system32\drivers\etc
2011-05-15 15:41:39 ----D---- C:\Windows\system32\WDI
2011-05-15 15:33:44 ----HD---- C:\ProgramData
2011-05-15 15:33:09 ----D---- C:\Windows\winsxs
2011-05-15 14:56:14 ----D---- C:\Users\Lucinka\AppData\Roaming\Skype
2011-05-15 14:53:08 ----D---- C:\Users\Lucinka\AppData\Roaming\uTorrent
2011-05-15 14:42:56 ----D---- C:\Users\Lucinka\AppData\Roaming\skypePM
2011-05-12 13:32:33 ----D---- C:\Windows\Debug
2011-05-12 13:31:51 ----D---- C:\Program Files\Java
2011-05-12 13:26:06 ----RD---- C:\Program Files\Skype
2011-05-12 13:26:02 ----D---- C:\ProgramData\Skype
2011-05-10 21:57:52 ----D---- C:\ProgramData\Microsoft Help
2011-05-10 21:53:57 ----A---- C:\Windows\system32\mrt.exe
2011-05-10 21:53:54 ----D---- C:\Windows\system32\catroot
2011-05-10 21:53:50 ----D---- C:\Program Files\Windows Mail
2011-05-08 14:50:56 ----D---- C:\Program Files\ICQ6Toolbar
2011-05-08 13:46:14 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-08 13:46:09 ----D---- C:\ProgramData\ICQ
2011-05-03 15:32:35 ----D---- C:\Windows\rescache
2011-05-02 21:42:29 ----D---- C:\Windows\system32\cs-CZ
2011-05-02 21:42:26 ----D---- C:\Program Files\Internet Explorer
2011-05-02 21:42:25 ----RD---- C:\Windows\Offline Web Pages
2011-05-02 21:42:24 ----D---- C:\Windows\system32\wbem
2011-05-02 21:42:24 ----D---- C:\Windows\system32\migration
2011-05-02 21:42:24 ----D---- C:\Windows\system32\en-US
2011-05-02 21:42:24 ----D---- C:\Windows\PolicyDefinitions
2011-05-02 21:42:16 ----SD---- C:\Windows\Downloaded Program Files
2011-05-02 14:23:39 ----D---- C:\Windows\Logs
2011-04-27 19:50:56 ----D---- C:\Windows\AppPatch
2011-04-23 18:37:31 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-07-20 324120]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-21 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl1c613921;MpKsl1c613921; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C0B6611-09D7-4CA8-BD1E-6B2BD8C57F68}\MpKsl1c613921.sys [2011-05-20 28752]
R1 MpKsl3616a5b1;MpKsl3616a5b1; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C0B6611-09D7-4CA8-BD1E-6B2BD8C57F68}\MpKsl3616a5b1.sys [2011-05-20 28752]
R1 MpKsl5fff7a63;MpKsl5fff7a63; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C0B6611-09D7-4CA8-BD1E-6B2BD8C57F68}\MpKsl5fff7a63.sys [2011-05-20 28752]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-05-09 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-05-09 8704]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2008-09-01 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-05-09 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-05-09 208896]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-28 2127512]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-07 44064]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-07 7545824]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-09 661504]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S1 MpKsl42bf84d6;MpKsl42bf84d6; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE26D0FA-6047-46B6-878D-B0F1DE9622DA}\MpKsl42bf84d6.sys []
S1 MpKsl916d1029;MpKsl916d1029; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8373EA9B-E060-455D-BA9F-4FF5F238B6B8}\MpKsl916d1029.sys []
S1 MpKslc937b30e;MpKslc937b30e; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3A898D1-77BC-425D-BB1C-13F6C3C1DBD0}\MpKslc937b30e.sys []
S1 MpKsld276ded0;MpKsld276ded0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F6AE22B-4B6E-460C-9A9E-9AB2C638EE72}\MpKsld276ded0.sys []
S3 aowh76k6;aowh76k6; C:\Windows\system32\drivers\aowh76k6.sys []
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2008-04-25 146688]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BthPort;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-15 15232]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S4 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S4 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S4 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S4 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S4 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S4 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-07 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-05-09 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-08-11 57344]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-08-11 57344]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-08-11 69632]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 gupdate1c995e9d925c6e0;Google Update Service (gupdate1c995e9d925c6e0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-23 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-23 133104]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

mamnoa

Zdravím, buď tak hodný a založ si nové téma kam vložíš RSIT log kompletní (vč.hlavičky)
Ač jsou problémy totožné, příčiny mohou být různé a dvě různá řešení v jednom topicu jsou hokej.

jsem myslel že chceš poslat obsah té složky.


mám tam

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[start explorer]> in the current context!

OTM by OldTimer - Version 3.1.17.2 log created on 05192011_234545

Stačí číst co píšu.

"v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\"

Tím je myšleno ten txt soubor.

Udělej tu akci znovu, jen dej pozor co tam kopíruješ z toho co jsem ti napsal, musí to být naprosto přesně.

Jinak to nefunguje.