
jeefo.a virus and a slow PC + hasty actions

Posted: 21 Aug 2011 15:27
by jimi267
Hello,
I came back from vacation today and my brother told me he has a virus on his computer. So I asked him what happened and how: he said he tried the ESET online scanner, which found the jeefo.a virus, then he went straight for ComboFix and finally the Kaspersky Rescue Disk. So I'd like to ask whether there is anyone here who could take a look at the log and possibly help me repair the damage it caused.
Thanks in advance :)



Logfile of random's system information tool 1.09 (written by random/random)
Run by Jimi at 2011-08-21 16:15:25
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 52 GB (17%) free of 305 GB
Total RAM: 2047 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:31, on 21.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Game Booster\GameBox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\IObit\Game Booster\GameBooster.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
C:\Program Files\trend micro\Jimi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: XfireXO - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: GameRanger.lnk = Jimi\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10753 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
atieclxx
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"taskhost.exe"
taskeng.exe {2C674371-47EE-444C-8A65-659BDE29ABD2}
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\IObit\Game Booster\GameBox.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 2384
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
"C:\Program Files (x86)\Razer\DeathAdder\razertra.exe"
"C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe"
"C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\IObit\Game Booster\GameBooster.exe" -game
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Xfire\Xfire.exe"
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 4392
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 4392
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\firefox.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugin-container.exe" --channel=2188.1952d300.1590138320 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0 -greomni "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\omni.jar" 2188 "\\.\pipe\gecko-crash-server-pipe.2188" plugin
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Users\Jimi\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RMSchedule.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Jimi\AppData\Roaming\Mozilla\Firefox\Profiles\llmxweud.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.9&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@comrade.gamespy.com/comrade]
"Description"=
"Path"=C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\ProgramData\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Jimi\AppData\Roaming\Mozilla\Firefox\Profiles\llmxweud.default\extensions\
battlefieldheroespatcher@ea.com
{800b5000-a755-47e1-992b-48a1c1357f07}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\Jimi\AppData\Roaming\Mozilla\Firefox\Profiles\llmxweud.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
XfireXO Toolbar - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-10-05 11474024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-06-30 2988928]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Nero MediaHome 4"=C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [2009-06-23 4891944]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-09-08 421888]
"amd_dc_opt"=C:\Program Files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe [2006-06-28 106496]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-19 336384]
"DeathAdder"=C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [2011-03-21 248320]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2010-11-15 112600]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Users\Jimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
GameRanger.lnk - C:\Users\Jimi\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-07-28 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=28
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-21 16:15:25 ----D---- C:\rsit
2011-08-21 16:15:25 ----D---- C:\Program Files\trend micro
2011-08-21 13:52:54 ----AD---- C:\Kaspersky Rescue Disk 10.0
2011-08-21 11:28:55 ----SHD---- C:\$RECYCLE.BIN
2011-08-21 10:44:12 ----A---- C:\ComboFix.txt
2011-08-21 10:23:17 ----A---- C:\Windows\zip.exe
2011-08-21 10:23:17 ----A---- C:\Windows\SWSC.exe
2011-08-21 10:23:17 ----A---- C:\Windows\SWREG.exe
2011-08-21 10:23:17 ----A---- C:\Windows\sed.exe
2011-08-21 10:23:17 ----A---- C:\Windows\PEV.exe
2011-08-21 10:23:17 ----A---- C:\Windows\NIRCMD.exe
2011-08-21 10:23:17 ----A---- C:\Windows\MBR.exe
2011-08-21 10:23:17 ----A---- C:\Windows\grep.exe
2011-08-21 10:23:11 ----D---- C:\Windows\ERDNT
2011-08-21 10:23:07 ----D---- C:\Qoobox
2011-08-17 03:00:55 ----D---- C:\Program Files (x86)\MSXML 4.0
2011-08-16 17:16:30 ----D---- C:\Program Files (x86)\Microsoft Games
2011-08-14 17:48:37 ----D---- C:\ProgramData\Aspyr
2011-08-11 03:01:16 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-11 03:01:16 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-11 03:01:15 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-11 03:01:15 ----A---- C:\Windows\system32\iertutil.dll
2011-08-11 03:01:14 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-11 03:01:14 ----A---- C:\Windows\system32\jscript9.dll
2011-08-11 03:01:14 ----A---- C:\Windows\system32\ieui.dll
2011-08-11 03:01:13 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-11 03:01:13 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-08-11 03:01:13 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-08-11 03:01:13 ----A---- C:\Windows\system32\url.dll
2011-08-11 03:01:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-11 03:01:12 ----A---- C:\Windows\system32\urlmon.dll
2011-08-11 03:01:12 ----A---- C:\Windows\system32\jscript.dll
2011-08-11 03:01:11 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-11 03:01:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-11 03:01:11 ----A---- C:\Windows\system32\wininet.dll
2011-08-11 03:01:11 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-11 03:01:09 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-11 03:01:07 ----A---- C:\Windows\system32\mshtml.dll
2011-08-11 03:01:06 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-11 03:01:05 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 21:58:04 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 21:58:02 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 21:57:59 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-10 21:57:58 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-10 21:57:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 21:57:55 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-10 21:57:55 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 21:57:54 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 21:57:54 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 21:57:53 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-10 21:57:53 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-10 21:57:53 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-10 21:57:53 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-10 21:57:53 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-10 21:57:53 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 21:57:53 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 21:57:38 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 21:57:38 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-10 21:57:38 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-10 21:57:38 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-10 21:57:38 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-10 21:57:38 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-10 21:57:38 ----A---- C:\Windows\system32\wow64win.dll
2011-08-10 21:57:38 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-10 21:57:38 ----A---- C:\Windows\system32\wow64.dll
2011-08-10 21:57:38 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 21:57:38 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-10 21:57:38 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 21:57:38 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 21:57:38 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 21:57:37 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 21:57:36 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 21:57:36 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 21:57:36 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-10 21:57:36 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-09 10:59:35 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2011-08-07 00:04:08 ----D---- C:\Program Files (x86)\DExUS
2011-08-05 12:18:12 ----D---- C:\Program Files (x86)\Electronic Arts
2011-08-04 04:00:33 ----RA---- C:\Windows\SYSWOW64\tmpAF6A.tmp
2011-08-04 03:17:15 ----D---- C:\Program Files (x86)\Aspyr
2011-07-31 20:14:21 ----D---- C:\Users\Jimi\AppData\Roaming\Tropico 3
2011-07-31 19:34:03 ----D---- C:\Program Files (x86)\Kalypso
2011-07-29 18:57:21 ----A---- C:\Windows\system32\CleanMFT64.exe
2011-07-29 18:57:20 ----A---- C:\Windows\SYSWOW64\msxml.dll
2011-07-29 18:57:08 ----D---- C:\Program Files (x86)\Registry Mechanic
2011-07-29 18:57:05 ----AD---- C:\ProgramData\TEMP
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\msrating.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\msls31.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\icardie.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2011-07-28 21:06:14 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\wextract.exe
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\occache.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\mshta.exe
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\inseng.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2011-07-28 21:06:13 ----A---- C:\Windows\SYSWOW64\admparse.dll
2011-07-28 21:06:13 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-07-28 21:06:12 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-07-28 21:06:12 ----A---- C:\Windows\system32\pngfilt.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\occache.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\msrating.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\msls31.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\mshtmler.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\mshta.exe
2011-07-28 21:06:12 ----A---- C:\Windows\system32\msfeedssync.exe
2011-07-28 21:06:12 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\imgutil.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\ieUnatt.exe
2011-07-28 21:06:12 ----A---- C:\Windows\system32\iesysprep.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\iepeers.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\ieakui.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\ieaksie.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\ieakeng.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-07-28 21:06:12 ----A---- C:\Windows\system32\admparse.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\wextract.exe
2011-07-28 21:06:11 ----A---- C:\Windows\system32\webcheck.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\vbscript.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\msfeeds.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\licmgr10.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\inseng.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\iexpress.exe
2011-07-28 21:06:11 ----A---- C:\Windows\system32\iesetup.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\iernonce.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\iedkcs32.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\ieapfltr.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\ieapfltr.dat
2011-07-28 21:06:11 ----A---- C:\Windows\system32\ie4uinit.exe
2011-07-28 21:06:11 ----A---- C:\Windows\system32\icardie.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\dxtrans.dll
2011-07-28 21:06:11 ----A---- C:\Windows\system32\dxtmsft.dll
2011-07-28 20:41:01 ----D---- C:\Windows\system32\SPReview
2011-07-28 20:37:55 ----D---- C:\Windows\system32\EventProviders
2011-07-28 16:09:31 ----D---- C:\Program Files\MyDefrag v4.3.1
2011-07-28 16:09:31 ----A---- C:\Windows\system32\MyDefragScreenSaver_v4.3.1.scr
2011-07-28 16:09:31 ----A---- C:\Windows\system32\MyDefragScreenSaver_v4.3.1.exe
2011-07-28 16:06:54 ----D---- C:\Users\Jimi\AppData\Roaming\go
2011-07-28 16:06:50 ----D---- C:\ProgramData\Easybits GO
2011-07-28 14:16:50 ----D---- C:\Users\Jimi\AppData\Roaming\SUPERAntiSpyware.com
2011-07-28 14:16:50 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-07-28 14:16:41 ----D---- C:\ProgramData\!SASCORE
2011-07-28 14:16:37 ----D---- C:\Program Files\SUPERAntiSpyware
2011-07-28 10:52:21 ----SHD---- C:\ProgramData\SecuROM
2011-07-28 10:39:41 ----RHD---- C:\Users\Jimi\AppData\Roaming\SecuROM
2011-07-28 10:36:04 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2011-07-26 20:31:01 ----D---- C:\ProgramData\Western Digital
2011-07-26 20:30:03 ----D---- C:\Program Files (x86)\Western Digital
2011-07-26 20:30:02 ----D---- C:\Program Files\Western Digital
2011-07-24 13:18:32 ----A---- C:\Windows\WORDPAD.INI
2011-07-23 16:18:38 ----D---- C:\Users\Jimi\AppData\Roaming\Razer
2011-07-23 16:03:09 ----A---- C:\Windows\system32\drivers\VKbms.sys
2011-07-23 16:03:09 ----A---- C:\Windows\system32\drivers\hidkmdf.sys
2011-07-23 16:03:08 ----A---- C:\Windows\system32\drivers\danew.sys
2011-07-23 16:03:07 ----D---- C:\Program Files (x86)\Razer

======List of files/folders modified in the last 1 month======

2011-08-21 16:15:30 ----D---- C:\Windows\Temp
2011-08-21 16:15:25 ----RD---- C:\Program Files
2011-08-21 16:13:54 ----D---- C:\Windows\system32\config
2011-08-21 10:44:15 ----D---- C:\Windows\system32\drivers
2011-08-21 10:38:24 ----AD---- C:\Windows
2011-08-21 10:38:24 ----A---- C:\Windows\system.ini
2011-08-21 10:38:12 ----D---- C:\Windows\system32\drivers\etc
2011-08-21 10:37:40 ----RD---- C:\Program Files (x86)
2011-08-21 10:34:52 ----D---- C:\Program Files (x86)\Steam
2011-08-21 10:34:52 ----D---- C:\Program Files (x86)\ICQ7.4
2011-08-21 10:31:14 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-21 10:31:14 ----D---- C:\Windows\SysWOW64
2011-08-21 10:31:14 ----D---- C:\Windows\System32
2011-08-21 10:31:14 ----D---- C:\Windows\AppPatch
2011-08-21 10:31:12 ----D---- C:\Program Files\Common Files
2011-08-21 10:31:12 ----D---- C:\Program Files (x86)\Common Files
2011-08-21 10:17:50 ----SHD---- C:\System Volume Information
2011-08-21 10:17:18 ----D---- C:\Windows\Prefetch
2011-08-21 00:49:16 ----D---- C:\Program Files (x86)\GamePark
2011-08-21 00:49:14 ----D---- C:\Program Files (x86)\FlashFXP 4
2011-08-21 00:49:10 ----D---- C:\Program Files (x86)\ffdshow
2011-08-21 00:47:37 ----D---- C:\Program Files (x86)\EasyPHP-5.3.6.0
2011-08-21 00:46:42 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-08-21 00:42:34 ----D---- C:\Program Files (x86)\BRS
2011-08-21 00:39:42 ----D---- C:\Program Files (x86)\Apple Software Update
2011-08-21 00:38:00 ----D---- C:\Program Files (x86)\Amnesia - The Dark Descent
2011-08-21 00:37:56 ----D---- C:\Program Files (x86)\America's Army Server Manager
2011-08-21 00:33:34 ----D---- C:\Program Files\CCleaner
2011-08-21 00:32:51 ----D---- C:\osa
2011-08-21 00:29:47 ----D---- C:\Inst
2011-08-21 00:28:30 ----D---- C:\GTR2
2011-08-21 00:20:36 ----D---- C:\Users\Jimi\AppData\Roaming\Xfire
2011-08-20 23:35:33 ----D---- C:\BMW M3 Challenge
2011-08-20 17:58:33 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-08-20 00:07:09 ----SHD---- C:\Windows\Installer
2011-08-20 00:07:07 ----D---- C:\Config.Msi
2011-08-20 00:00:30 ----RSD---- C:\Windows\assembly
2011-08-19 23:58:40 ----D---- C:\Users\Jimi\AppData\Roaming\uTorrent
2011-08-19 20:52:49 ----D---- C:\Users\Jimi\AppData\Roaming\gtk-2.0
2011-08-19 20:31:35 ----D---- C:\Program Files (x86)\Codemasters
2011-08-19 20:25:57 ----D---- C:\Users\Jimi\AppData\Roaming\Skype
2011-08-19 19:28:44 ----D---- C:\Program Files (x86)\QuadCoreM2
2011-08-19 11:01:14 ----D---- C:\ProgramData\Xfire
2011-08-19 10:30:14 ----D---- C:\Windows\system32\NDF
2011-08-18 15:07:24 ----RSD---- C:\Windows\Fonts
2011-08-18 01:03:43 ----D---- C:\Windows\winsxs
2011-08-17 11:56:06 ----D---- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6
2011-08-16 17:34:57 ----D---- C:\ProgramData
2011-08-16 17:26:51 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-16 17:13:10 ----A---- C:\Windows\wincmd.ini
2011-08-15 19:52:59 ----D---- C:\Games
2011-08-15 19:44:33 ----D---- C:\Temp
2011-08-15 19:43:54 ----D---- C:\Windows\system32\catroot2
2011-08-15 18:40:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-15 18:40:39 ----D---- C:\Windows\inf
2011-08-13 15:26:05 ----D---- C:\Program Files (x86)\SEGA
2011-08-11 19:40:31 ----D---- C:\Windows\system32\catroot
2011-08-11 12:55:03 ----D---- C:\Windows\Microsoft.NET
2011-08-11 04:10:31 ----D---- C:\Windows\SYSWOW64\migration
2011-08-11 04:10:31 ----D---- C:\Windows\system32\migration
2011-08-11 04:10:31 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-11 04:10:30 ----D---- C:\Program Files\Internet Explorer
2011-08-11 03:14:56 ----A---- C:\Windows\system32\MRT.INI
2011-08-11 03:11:24 ----D---- C:\Windows\debug
2011-08-11 03:11:21 ----A---- C:\Windows\system32\MRT.exe
2011-08-11 03:10:18 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-08-08 23:52:24 ----D---- C:\Users\Jimi\AppData\Roaming\vlc
2011-08-07 21:09:21 ----D---- C:\Users\Jimi\AppData\Roaming\Sony
2011-08-07 20:57:33 ----D---- C:\ProgramData\Sony
2011-08-07 20:57:33 ----D---- C:\Program Files (x86)\Sony
2011-08-05 23:15:56 ----D---- C:\ProgramData\Codemasters
2011-08-05 12:41:11 ----A---- C:\Windows\SYSWOW64\pbsvc_bc2.exe
2011-08-04 04:00:33 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2011-08-04 04:00:33 ----A---- C:\Windows\system32\OpenAL32.dll
2011-08-02 14:27:29 ----D---- C:\Users\Jimi\AppData\Roaming\.minecraft server
2011-07-30 01:06:39 ----D---- C:\Windows\rescache
2011-07-29 18:59:33 ----D---- C:\Windows\system32\Tasks
2011-07-29 18:59:32 ----D---- C:\Windows\Tasks
2011-07-29 15:57:28 ----D---- C:\ProgramData\DivX
2011-07-29 15:57:28 ----D---- C:\Program Files (x86)\DivX
2011-07-29 15:57:21 ----D---- C:\Program Files\DivX
2011-07-28 21:44:48 ----D---- C:\Windows\SYSWOW64\en-US
2011-07-28 21:44:48 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-07-28 21:44:48 ----D---- C:\Windows\system32\cs-CZ
2011-07-28 21:44:48 ----D---- C:\Windows\PolicyDefinitions
2011-07-28 21:44:47 ----D---- C:\Windows\system32\en-US
2011-07-28 21:43:43 ----D---- C:\Boot
2011-07-28 21:42:30 ----D---- C:\Windows\system32\DriverStore
2011-07-28 21:33:27 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-07-28 21:33:27 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-07-28 21:33:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-07-28 21:33:27 ----D---- C:\Program Files (x86)\Windows Media Player
2011-07-28 21:33:27 ----D---- C:\Program Files (x86)\Windows Mail
2011-07-28 21:33:26 ----D---- C:\Program Files\Windows Sidebar
2011-07-28 21:33:26 ----D---- C:\Program Files\Windows Portable Devices
2011-07-28 21:33:26 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-28 21:33:26 ----D---- C:\Program Files\Windows Media Player
2011-07-28 21:33:26 ----D---- C:\Program Files\Windows Mail
2011-07-28 21:33:26 ----D---- C:\Program Files\Windows Journal
2011-07-28 21:33:26 ----D---- C:\Program Files\DVD Maker
2011-07-28 21:33:24 ----D---- C:\Windows\servicing
2011-07-28 21:33:24 ----D---- C:\Windows\ehome
2011-07-28 21:33:24 ----D---- C:\Program Files\Windows Defender
2011-07-28 21:33:18 ----SHD---- C:\Windows\BitLockerDiscoveryVolumeContents
2011-07-28 21:33:17 ----D---- C:\Windows\SYSWOW64\Setup
2011-07-28 21:33:17 ----D---- C:\Windows\SYSWOW64\oobe
2011-07-28 21:33:17 ----D---- C:\Windows\SYSWOW64\da-DK
2011-07-28 21:33:17 ----D---- C:\Windows\SYSWOW64\cs
2011-07-28 21:33:17 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-07-28 21:33:16 ----D---- C:\Windows\SYSWOW64\wbem
2011-07-28 21:33:16 ----D---- C:\Windows\SYSWOW64\sppui
2011-07-28 21:33:16 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-07-28 21:33:16 ----D---- C:\Windows\SYSWOW64\es-ES
2011-07-28 21:33:15 ----D---- C:\Windows\SYSWOW64\migwiz
2011-07-28 21:33:15 ----D---- C:\Windows\SYSWOW64\Dism
2011-07-28 21:32:58 ----D---- C:\Windows\system32\oobe
2011-07-28 21:32:58 ----D---- C:\Windows\system32\da-DK
2011-07-28 21:32:57 ----D---- C:\Windows\system32\Setup
2011-07-28 21:32:57 ----D---- C:\Windows\system32\cs
2011-07-28 21:32:57 ----D---- C:\Windows\system32\AdvancedInstallers
2011-07-28 21:32:53 ----D---- C:\Windows\system32\sppui
2011-07-28 21:32:53 ----D---- C:\Windows\system32\manifeststore
2011-07-28 21:32:53 ----D---- C:\Windows\system32\es-ES
2011-07-28 21:32:52 ----D---- C:\Windows\system32\wbem
2011-07-28 21:32:52 ----D---- C:\Windows\system32\migwiz
2011-07-28 21:32:52 ----D---- C:\Windows\system32\drivers\UMDF
2011-07-28 21:32:52 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-07-28 21:32:51 ----D---- C:\Windows\system32\Dism
2011-07-28 21:32:23 ----D---- C:\Windows\system32\Boot
2011-07-28 21:04:32 ----D---- C:\Windows\Logs
2011-07-28 20:55:23 ----D---- C:\Program Files (x86)\Microsoft Office
2011-07-28 20:52:10 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-07-28 20:52:10 ----A---- C:\Windows\system32\msclmd.dll
2011-07-28 16:06:58 ----D---- C:\Users\Jimi\AppData\Roaming\skypePM
2011-07-25 21:05:06 ----D---- C:\Program Files (x86)\NCSoft
2011-07-25 01:11:39 ----D---- C:\Program Files (x86)\rFactor-wtcc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-16 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2011-07-13 3854000]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-10-17 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-10-17 43680]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
R3 AmdTools64;AMD Special Tools Driver; C:\Windows\system32\DRIVERS\AmdTools64.sys [2006-06-27 47616]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
R3 danewFltr;NewDeathAdder Mouse; C:\Windows\system32\drivers\danew.sys [2010-03-23 12032]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-10-05 2511464]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 VKbms;Virtual HID Minidriver; C:\Windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys []
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys []
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys []
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys []
S3 axl3c51g;axl3c51g; C:\Windows\system32\drivers\axl3c51g.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz132;cpuz132; \??\C:\Users\Jirka\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 cpuz134;cpuz134; \??\C:\Users\OEM\AppData\Local\Temp\cpuz134\cpuz134_x64.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\gPotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys []
S3 injectDLL;injectDLL; \??\C:\Users\Jimi\Desktop\M2Fish 3.0.4\Injector 32 bit\injectDLL.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-04 4682]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 68992]
S4 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 68608]
S4 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 7168]
S4 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 89600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-20 203776]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 365568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-05-26 75136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2011-07-13 551896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 171504]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
S2 WDFME;WD File Management Engine; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 171504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-01-09 4291056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-06-02 403240]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: jeefo.a virus and a slow PC + hasty actions

Posted: 21 Aug 2011 17:20
by Rudy
Hello!
Please post the log from the last ComboFix scan. You will find it in C:\combofix.txt.

Re: jeefo.a virus and a slow PC + hasty actions

Posted: 21 Aug 2011 17:21
by jimi267
ComboFix 11-08-21.01 - Jimi 21.08.2011 10:26:07.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.870 [GMT 2:00]
Spuštěný z: c:\users\Jimi\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ICQ7.4\ICQ.exe
c:\program files (x86)\Steam\Steam.exe
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\users\Jimi\AppData\Roaming\data.dat
c:\users\Jimi\AppData\Roaming\chrtmp
c:\users\Jimi\AppData\Roaming\msnsvconfig.txt
c:\users\Jimi\WINDOWS
c:\users\Jura.OEM-PC\AppData\Roaming\data.dat
c:\users\Public\bf2_patch_1.41.exe
c:\users\Public\BF2_Patch_1.50.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerManager
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 08:35 . 2011-08-21 08:35 -------- d-----w- c:\users\OEM\AppData\Local\temp
2011-08-21 08:35 . 2011-08-21 08:35 -------- d-----w- c:\users\Jura.OEM-PC\AppData\Local\temp
2011-08-21 08:35 . 2011-08-21 08:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-19 11:26 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{493DFFF7-1D25-4050-99CF-4F9BBC20B98F}\mpengine.dll
2011-08-17 01:00 . 2011-08-17 01:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-08-16 15:16 . 2011-08-16 15:16 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-08-14 15:48 . 2011-08-14 15:48 -------- d-----w- c:\programdata\Aspyr
2011-08-10 19:58 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 19:58 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 08:59 . 2011-08-09 08:59 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-08-06 22:04 . 2011-08-06 22:04 -------- d-----w- c:\program files (x86)\DExUS
2011-08-05 10:18 . 2011-08-19 18:31 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-08-04 02:00 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmpAF6A.tmp
2011-08-04 01:21 . 2011-08-04 01:21 65536 ----a-r- c:\users\Jimi\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut5_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-08-04 01:21 . 2011-08-04 01:21 65536 ----a-r- c:\users\Jimi\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut4_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-08-04 01:21 . 2011-08-04 01:21 65536 ----a-r- c:\users\Jimi\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut3_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-08-04 01:21 . 2011-08-04 01:21 65536 ----a-r- c:\users\Jimi\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut2_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-08-04 01:17 . 2011-08-14 15:20 -------- d-----w- c:\program files (x86)\Aspyr
2011-07-31 18:14 . 2011-07-31 18:54 -------- d-----w- c:\users\Jimi\AppData\Roaming\Tropico 3
2011-07-31 17:34 . 2011-07-31 17:34 -------- d-----w- c:\program files (x86)\Kalypso
2011-07-29 16:57 . 2010-09-16 10:26 40408 ----a-w- c:\windows\system32\CleanMFT64.exe
2011-07-29 16:57 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2011-07-29 16:57 . 2008-04-02 14:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2011-07-29 16:57 . 2008-04-02 14:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2011-07-29 16:57 . 2004-08-04 06:00 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2011-07-29 16:57 . 2011-07-29 16:57 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-07-29 13:56 . 2011-07-29 13:57 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-07-28 18:41 . 2011-07-28 18:41 -------- d-----w- c:\windows\system32\SPReview
2011-07-28 18:37 . 2011-07-28 18:37 -------- d-----w- c:\windows\system32\EventProviders
2011-07-28 14:09 . 2011-08-21 07:03 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-07-28 14:09 . 2010-05-21 10:11 485376 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2011-07-28 14:09 . 2010-05-21 10:11 1147392 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2011-07-28 14:06 . 2011-08-19 17:13 -------- d-----w- c:\users\Jimi\AppData\Roaming\go
2011-07-28 14:06 . 2011-08-19 18:23 -------- d-----w- c:\programdata\Easybits GO
2011-07-28 12:16 . 2011-07-28 12:16 -------- d-----w- c:\users\Jimi\AppData\Roaming\SUPERAntiSpyware.com
2011-07-28 12:16 . 2011-07-28 12:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-28 12:16 . 2011-07-28 12:16 -------- d-----w- c:\programdata\!SASCORE
2011-07-28 12:16 . 2011-08-20 22:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-28 08:52 . 2011-07-28 08:52 -------- d-sh--w- c:\programdata\SecuROM
2011-07-28 08:39 . 2011-07-28 08:39 -------- d--h--r- c:\users\Jimi\AppData\Roaming\SecuROM
2011-07-28 08:39 . 2011-07-28 08:53 -------- d-----w- c:\users\Jimi\AppData\Local\Rockstar Games
2011-07-28 08:36 . 2011-07-28 08:36 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-07-27 12:33 . 2011-07-27 12:33 -------- d-----w- c:\users\Jimi\AppData\Local\Western_Digital
2011-07-27 04:56 . 2011-07-27 04:56 -------- d-----w- c:\users\Jimi\AppData\Local\Western Digital
2011-07-26 18:31 . 2011-07-26 18:31 -------- d-----w- c:\programdata\Western Digital
2011-07-26 18:30 . 2011-07-26 18:30 -------- d-----w- c:\program files (x86)\Western Digital
2011-07-26 18:30 . 2011-07-26 18:30 -------- d-----w- c:\program files\Western Digital
2011-07-26 18:28 . 2011-07-26 18:28 -------- d-----w- c:\users\Jura.OEM-PC\AppData\Local\Western Digital
2011-07-23 15:45 . 2011-07-23 15:45 -------- d-----w- c:\users\Jura.OEM-PC\AppData\Roaming\Razer
2011-07-23 14:18 . 2011-07-23 14:18 -------- d-----w- c:\users\Jimi\AppData\Roaming\Razer
2011-07-23 14:03 . 2007-05-07 16:19 85504 ----a-w- c:\windows\SysWow64\DeathAdder64.cpl
2011-07-23 14:03 . 2010-09-30 22:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-07-23 14:03 . 2010-09-29 18:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-07-23 14:03 . 2010-03-23 14:37 12032 ----a-w- c:\windows\system32\drivers\danew.sys
2011-07-23 14:03 . 2011-07-23 14:03 -------- d-----w- c:\program files (x86)\Razer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 15:58 . 2010-10-17 00:08 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-20 15:58 . 2010-10-17 00:08 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-08-20 15:58 . 2010-10-17 00:08 219128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-08-20 07:29 . 2010-10-30 07:26 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-08-19 09:33 . 2010-10-21 18:32 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-08-19 09:33 . 2010-10-21 18:32 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-12 08:26 . 2011-05-15 08:25 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-07 10:35 . 2010-10-30 07:26 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-05 10:41 . 2010-11-21 17:55 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-08-04 02:00 . 2010-10-23 03:17 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-04 02:00 . 2010-10-23 03:17 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-07-28 18:52 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-28 18:52 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-16 04:26 . 2011-08-10 19:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-13 12:59 . 2011-07-13 12:59 551896 ----a-w- c:\windows\system32\appdrvrem01.exe
2011-07-13 12:59 . 2011-07-13 12:59 3854000 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2011-06-11 03:07 . 2011-07-13 02:10 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-05-30 11:39 . 2010-10-23 03:17 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-30 11:39 . 2010-10-23 03:17 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-05-26 05:28 . 2010-10-17 00:08 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-05-25 13:37 . 2011-06-11 09:08 809496 ----a-r- c:\windows\SysWow64\tmpE909.tmp
2011-05-25 13:37 . 2011-05-25 13:37 809496 ----a-r- c:\windows\SysWow64\tmpE8E9.tmp
2011-05-24 17:14 . 2010-10-15 15:38 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 09:40 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 09:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 09:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 09:40 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 09:40 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\XfireXO\prxtbXfi2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfi2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"amd_dc_opt"="c:\program files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
c:\users\Jura.OEM-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\users\Jimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Jimi\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2010-11-24 1449696]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 171504]
R3 cpuz134;cpuz134;c:\users\OEM\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 171504]
R3 injectDLL;injectDLL;c:\users\Jimi\Desktop\M2Fish 3.0.4\Injector 32 bit\injectDLL.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 365568]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-21 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-12-29 15:19]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 18:39]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 18:39]
.
2011-08-20 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-07-29 15:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF18823.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Jimi\AppData\Roaming\Mozilla\Firefox\Profiles\llmxweud.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-ICQ - c:\program files (x86)\ICQ7.4\ICQ.exe
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM_Wow6432Node-ActiveSetup-{1FEEF307-EBAB-CFAE-1DAF-CD0A4A55D6A8} - c:\users\Jura.OEM-PC\AppData\Roaming\csrss.exe
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-AssaultCube_v1.1.0.4 - c:\program files (x86)\AssaultCube_v1.1.0.4\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-Steam App 440 - c:\program files (x86)\Steam\steam.exe
AddRemove-The Guild 2 - Pirates of the European Seas - c:\program files (x86)\The Guild 2 - Pirates of the European Seas\uninstall.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
AddRemove-Čeština Dragon Age Origins 1.00 - c:\program files (x86)\Dragon Age\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4193985336-1145485995-3161274808-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0a,17,e8,87,06,ba,51,31,2b,1d,31,c9,87,94,7b,c3,77,2f,c8,93,6b,9d,7a,
c1,89,5a,9b,41,ec,0d,39,30,86,7b,00,13,ca,d0,9c,43,c7,a5,6a,8e,a8,ab,35,b0,\
"??"=hex:b1,cc,c8,19,c4,98,8f,84,86,8e,39,24,12,ee,57,52
.
[HKEY_USERS\S-1-5-21-4193985336-1145485995-3161274808-1005\Software\SecuROM\License information*]
"datasecu"=hex:77,58,70,26,df,94,03,0a,94,56,a6,a7,54,df,b0,49,3f,59,7c,24,65,
82,f8,83,ec,fd,72,e7,da,85,9a,83,77,b3,bb,b9,0f,3d,b9,ad,1b,fa,fe,43,32,89,\
"rkeysecu"=hex:99,a3,32,2d,37,5e,88,db,5b,a3,e7,73,b4,75,17,2f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Game Booster\GameBox.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Celkový čas: 2011-08-21 10:44:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-21 08:44
.
Před spuštěním: Volných bajtů: 51 479 326 720
Po spuštění: Volných bajtů: 54 869 286 912
.
- - End Of File - - 2A7FB2206B45BB9C3C1C8FE9248E4CE9

Re: jeefo.a virus and slow PC + hasty actions

Posted: 21 Aug 2011 17:28
by Rudy
We will clean up a bit more. Move Combofix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\windows\SysWow64\tmpAF6A.tmp
c:\windows\SysWow64\tmpE909.tmp
c:\windows\SysWow64\tmpE8E9.tmp
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

[Image]

Re: jeefo.a virus and slow PC + hasty actions

Posted: 21 Aug 2011 18:22
by jimi267
Task done. Should I paste the log here?

Re: jeefo.a virus and slow PC + hasty actions

Posted: 21 Aug 2011 18:48
by Rudy
jimi267 wrote: Task done. Should I paste the log here?
Yes. We need to make sure nothing is left there.

Re: jeefo.a virus and slow PC + hasty actions

Posted: 21 Aug 2011 18:52
by jimi267
Here it is:


ComboFix 11-08-21.01 - Jimi 21.08.2011 18:34:01.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.875 [GMT 2:00]
Spuštěný z: c:\users\Jimi\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jimi\Desktop\CFScript.txt.TXT
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmpAF6A.tmp
c:\windows\SysWow64\tmpE8E9.tmp
c:\windows\SysWow64\tmpE909.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 16:47 . 2011-08-21 16:47 -------- d-----w- c:\users\OEM\AppData\Local\temp
2011-08-21 16:47 . 2011-08-21 16:47 -------- d-----w- c:\users\Jura.OEM-PC\AppData\Local\temp
2011-08-21 16:47 . 2011-08-21 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 14:15 . 2011-08-21 14:15 -------- d-----w- C:\rsit
2011-08-21 14:15 . 2011-08-21 14:15 -------- d-----w- c:\program files\trend micro
2011-08-21 11:52 . 2011-08-21 16:07 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-08-19 11:26 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{493DFFF7-1D25-4050-99CF-4F9BBC20B98F}\mpengine.dll
2011-08-17 01:00 . 2011-08-17 01:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-08-16 15:16 . 2011-08-16 15:16 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-08-14 15:48 . 2011-08-14 15:48 -------- d-----w- c:\programdata\Aspyr
2011-08-10 19:58 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 19:58 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 08:59 . 2011-08-09 08:59 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-08-06 22:04 . 2011-08-06 22:04 -------- d-----w- c:\program files (x86)\DExUS
2011-08-05 10:18 . 2011-08-19 18:31 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-08-04 01:21 . 2011-08-04 01:21 65536 ----a-r- c:\users\Jimi\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut5_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-08-04 01:21 . 2011-08-04 01:21 65536 ----a-r- c:\users\Jimi\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut4_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-08-04 01:21 . 2011-08-04 01:21 65536 ----a-r- c:\users\Jimi\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut3_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-08-04 01:21 . 2011-08-04 01:21 65536 ----a-r- c:\users\Jimi\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut2_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-08-04 01:17 . 2011-08-14 15:20 -------- d-----w- c:\program files (x86)\Aspyr
2011-07-31 18:14 . 2011-07-31 18:54 -------- d-----w- c:\users\Jimi\AppData\Roaming\Tropico 3
2011-07-31 17:34 . 2011-07-31 17:34 -------- d-----w- c:\program files (x86)\Kalypso
2011-07-29 16:57 . 2010-09-16 10:26 40408 ----a-w- c:\windows\system32\CleanMFT64.exe
2011-07-29 16:57 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2011-07-29 16:57 . 2008-04-02 14:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2011-07-29 16:57 . 2008-04-02 14:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2011-07-29 16:57 . 2004-08-04 06:00 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2011-07-29 16:57 . 2011-07-29 16:57 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-07-29 13:56 . 2011-07-29 13:57 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-07-28 18:41 . 2011-07-28 18:41 -------- d-----w- c:\windows\system32\SPReview
2011-07-28 18:37 . 2011-07-28 18:37 -------- d-----w- c:\windows\system32\EventProviders
2011-07-28 14:09 . 2011-08-21 07:03 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-07-28 14:09 . 2010-05-21 10:11 485376 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2011-07-28 14:09 . 2010-05-21 10:11 1147392 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2011-07-28 14:06 . 2011-08-19 17:13 -------- d-----w- c:\users\Jimi\AppData\Roaming\go
2011-07-28 14:06 . 2011-08-19 18:23 -------- d-----w- c:\programdata\Easybits GO
2011-07-28 12:16 . 2011-07-28 12:16 -------- d-----w- c:\users\Jimi\AppData\Roaming\SUPERAntiSpyware.com
2011-07-28 12:16 . 2011-07-28 12:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-28 12:16 . 2011-07-28 12:16 -------- d-----w- c:\programdata\!SASCORE
2011-07-28 12:16 . 2011-08-21 08:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-28 08:52 . 2011-07-28 08:52 -------- d-sh--w- c:\programdata\SecuROM
2011-07-28 08:39 . 2011-07-28 08:39 -------- d--h--r- c:\users\Jimi\AppData\Roaming\SecuROM
2011-07-28 08:39 . 2011-07-28 08:53 -------- d-----w- c:\users\Jimi\AppData\Local\Rockstar Games
2011-07-28 08:36 . 2011-07-28 08:36 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-07-27 12:33 . 2011-07-27 12:33 -------- d-----w- c:\users\Jimi\AppData\Local\Western_Digital
2011-07-27 04:56 . 2011-07-27 04:56 -------- d-----w- c:\users\Jimi\AppData\Local\Western Digital
2011-07-26 18:31 . 2011-07-26 18:31 -------- d-----w- c:\programdata\Western Digital
2011-07-26 18:30 . 2011-07-26 18:30 -------- d-----w- c:\program files (x86)\Western Digital
2011-07-26 18:30 . 2011-07-26 18:30 -------- d-----w- c:\program files\Western Digital
2011-07-26 18:28 . 2011-07-26 18:28 -------- d-----w- c:\users\Jura.OEM-PC\AppData\Local\Western Digital
2011-07-23 15:45 . 2011-07-23 15:45 -------- d-----w- c:\users\Jura.OEM-PC\AppData\Roaming\Razer
2011-07-23 14:18 . 2011-07-23 14:18 -------- d-----w- c:\users\Jimi\AppData\Roaming\Razer
2011-07-23 14:03 . 2007-05-07 16:19 85504 ----a-w- c:\windows\SysWow64\DeathAdder64.cpl
2011-07-23 14:03 . 2010-09-30 22:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-07-23 14:03 . 2010-09-29 18:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-07-23 14:03 . 2010-03-23 14:37 12032 ----a-w- c:\windows\system32\drivers\danew.sys
2011-07-23 14:03 . 2011-07-23 14:03 -------- d-----w- c:\program files (x86)\Razer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 15:58 . 2010-10-17 00:08 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-20 15:58 . 2010-10-17 00:08 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-08-20 15:58 . 2010-10-17 00:08 219128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-08-20 07:29 . 2010-10-30 07:26 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-08-19 09:33 . 2010-10-21 18:32 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-08-19 09:33 . 2010-10-21 18:32 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-12 08:26 . 2011-05-15 08:25 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-07 10:35 . 2010-10-30 07:26 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-05 10:41 . 2010-11-21 17:55 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-08-04 02:00 . 2010-10-23 03:17 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-04 02:00 . 2010-10-23 03:17 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-07-28 18:52 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-28 18:52 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-16 04:26 . 2011-08-10 19:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-13 12:59 . 2011-07-13 12:59 551896 ----a-w- c:\windows\system32\appdrvrem01.exe
2011-07-13 12:59 . 2011-07-13 12:59 3854000 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2011-06-11 03:07 . 2011-07-13 02:10 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-05-30 11:39 . 2010-10-23 03:17 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-30 11:39 . 2010-10-23 03:17 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-05-26 05:28 . 2010-10-17 00:08 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-05-24 17:14 . 2010-10-15 15:38 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 09:40 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 09:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 09:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 09:40 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 09:40 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-21_08.38.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-08-19 08:26 37710 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-21 08:40 37710 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-22 04:41 . 2011-08-21 08:40 13546 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4193985336-1145485995-3161274808-1005_UserData.bin
+ 2010-10-15 15:03 . 2011-08-21 09:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-15 15:03 . 2011-08-16 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-15 15:03 . 2011-08-21 09:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-15 15:03 . 2011-08-16 16:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-21 09:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-16 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-21 16:49 . 2011-08-21 16:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-21 08:37 . 2011-08-21 08:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-21 16:49 . 2011-08-21 16:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-21 08:37 . 2011-08-21 08:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-05 21:31 . 2011-08-21 16:48 342992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-05 21:31 . 2011-08-21 08:36 342992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-08-21 16:48 331752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-21 08:36 331752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-14 10:29 . 2011-08-21 16:48 36741356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4193985336-1145485995-3161274808-1005-12288.dat
.
(((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\XfireXO\prxtbXfi2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfi2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"amd_dc_opt"="c:\program files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
c:\users\Jura.OEM-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\users\Jimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Jimi\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2010-11-24 1449696]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 171504]
R3 cpuz134;cpuz134;c:\users\OEM\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 171504]
R3 injectDLL;injectDLL;c:\users\Jimi\Desktop\M2Fish 3.0.4\Injector 32 bit\injectDLL.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 365568]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-12-29 15:19]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 18:39]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 18:39]
.
2011-08-21 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-07-29 15:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Jimi\AppData\Roaming\Mozilla\Firefox\Profiles\llmxweud.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4193985336-1145485995-3161274808-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0a,17,e8,87,06,ba,51,31,2b,1d,31,c9,87,94,7b,c3,77,2f,c8,93,6b,9d,7a,
c1,89,5a,9b,41,ec,0d,39,30,86,7b,00,13,ca,d0,9c,43,c7,a5,6a,8e,a8,ab,35,b0,\
"??"=hex:b1,cc,c8,19,c4,98,8f,84,86,8e,39,24,12,ee,57,52
.
[HKEY_USERS\S-1-5-21-4193985336-1145485995-3161274808-1005\Software\SecuROM\License information*]
"datasecu"=hex:77,58,70,26,df,94,03,0a,94,56,a6,a7,54,df,b0,49,3f,59,7c,24,65,
82,f8,83,ec,fd,72,e7,da,85,9a,83,77,b3,bb,b9,0f,3d,b9,ad,1b,fa,fe,43,32,89,\
"rkeysecu"=hex:99,a3,32,2d,37,5e,88,db,5b,a3,e7,73,b4,75,17,2f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Game Booster\GameBox.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Completion time: 2011-08-21 19:13:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 17:12
ComboFix2.txt 2011-08-21 08:44
.
Pre-Run: 53,982,789,632 bytes free
Post-Run: 53,936,582,656 bytes free
.
- - End Of File - - E8F2F20F9269CA50EBC56894B80AFA00
Upload completed successfully.
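
The policies\system block in the log above reads EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0: User Account Control is switched off on this machine, so everything the logged-in administrator runs (toolbar installers, or the R3 driver injectDLL.sys that the service list shows loading from a folder on the desktop) gets a full administrator token without any prompt. Added example, not from the original post and not part of ComboFix: a PowerShell script that reads those values from the key printed in the log and compares them with the Windows 7 defaults. The default values are my assumption from the Windows 7 UAC documentation; the key path and value names are the ones in the log.

```powershell
# Added example (not from the original post or ComboFix): compare the UAC
# policy values that ComboFix printed against the Windows 7 defaults.
# Works on the PowerShell 2.0 that ships with Windows 7; run elevated.
# Read-only unless the remediation lines at the end are uncommented.

$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Windows 7 defaults (assumption, see lead-in): UAC on, administrators asked
# for consent on the secure desktop when a non-Windows binary elevates.
$expected = @{
    'EnableLUA'                  = 1
    'ConsentPromptBehaviorAdmin' = 5
    'ConsentPromptBehaviorUser'  = 3
    'PromptOnSecureDesktop'      = 1
    'EnableUIADesktopToggle'     = 0
}

$actual = Get-ItemProperty -Path $key

foreach ($name in $expected.Keys) {
    $value = $actual.$name                      # $null when the value is absent
    if ($value -eq $null) { $value = '<missing>' }
    $status = if ($value -eq $expected[$name]) { 'ok' } else { 'WEAK' }
    "{0,-28} actual={1,-9} default={2}  {3}" -f $name, $value, $expected[$name], $status
}

# Remediation for the three values the log shows at 0 (uncomment to apply;
# the EnableLUA change only takes full effect after a reboot):
# Set-ItemProperty -Path $key -Name EnableLUA                  -Value 1 -Type DWord
# Set-ItemProperty -Path $key -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord
# Set-ItemProperty -Path $key -Name PromptOnSecureDesktop      -Value 1 -Type DWord
```

Against the values in the log, the script reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as WEAK and the other two as ok. Turning UAC back on does not undo anything already installed; it only restores the prompt for the next installer, so it belongs after the cleanup, not instead of it.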

Re: jeefo.a virus and slow PC + rash actions

Posted: 21 Aug 2011 18:53
by jimi267
And I have one more question: is it normal to have svchost.exe 14 times in the process list?

Re: jeefo.a virus and slow PC + rash actions

Posted: 21 Aug 2011 18:57
by Rudy
jimi267 wrote: And I have one more question: is it normal to have svchost.exe 14 times in the process list?
It can be. It depends on how many network services it is managing.
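
Rudy's answer can be checked rather than taken on trust. Added example, not from the original thread: a PowerShell script (WMI calls only, so it runs on the PowerShell 2.0 shipped with Windows 7) that lists each svchost.exe with its parent process, image path and the services it hosts. A genuine svchost.exe lives in System32 (or SysWOW64 for 32-bit services on x64), is started by services.exe and hosts at least one service; the script flags instances that fail any of those three checks. The column names and flag labels are my own.

```powershell
# Added example (not from the original thread): inspect every svchost.exe
# instead of just counting them. WMI only, so it works on PowerShell 2.0;
# run in an elevated prompt so ExecutablePath is readable for all processes.

$services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }
$procs    = Get-WmiObject Win32_Process
$byPid    = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$rows = foreach ($p in ($procs | Where-Object { $_.Name -eq 'svchost.exe' })) {
    # Services whose host process is this PID (Win32_Service.ProcessId)
    $hosted = $services | Where-Object { $_.ProcessId -eq $p.ProcessId } |
              ForEach-Object { $_.Name }
    $parent = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<gone>' }

    # Three things that are wrong for a real svchost: image outside
    # System32/SysWOW64, a parent other than services.exe, no hosted service.
    $flags = @()
    if ($p.ExecutablePath -and
        ($p.ExecutablePath -notlike "$env:SystemRoot\Sys*\svchost.exe")) { $flags += 'PATH' }
    if ($parentName -ne 'services.exe') { $flags += 'PARENT' }
    if (-not $hosted)                   { $flags += 'NO-SERVICES' }

    New-Object PSObject -Property @{
        ProcessId = $p.ProcessId
        Parent    = $parentName
        Path      = $p.ExecutablePath
        Services  = ($hosted -join ', ')
        Flags     = ($flags -join ',')
    }
}

$rows | Sort-Object ProcessId |
    Format-Table ProcessId, Parent, Services, Flags, Path -AutoSize
"svchost.exe instances: $(@($rows).Count)"
```

The count alone says little: Windows 7 routinely runs a dozen or more svchost instances, one per service group, so 14 is unremarkable on its own. The command-prompt equivalent is `tasklist /svc /fi "imagename eq svchost.exe"`, which shows the hosted services but not the parent or the image path. Parent PIDs can be reused after the original parent exits, so a PARENT flag on a long-running instance is a reason to look closer, not a verdict by itself.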

Re: jeefo.a virus and slow PC + rash actions

Posted: 21 Aug 2011 19:31
by jimi267
So the log is okay? If so, thank you very much.