Prosim o kontrolu

[Jarda62]

Dobrý večer,
prosím o kontrolu logu. Počítač běží v pořádku, takže jen preventivka


Logfile of random's system information tool 1.09 (written by random/random)
Run by Jarda at 2012-01-29 01:31:34
Microsoft Windows 7 Home Premium
System drive C: has 80 GB (17%) free of 477 GB
Total RAM: 8163 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:31:48, on 29.1.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jarda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jarda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-3344855712-2548836808-2162885872-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3344855712-2548836808-2162885872-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6913 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\Explorer.EXE
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 1144
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheListSize/CacheListSize_14/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/InstantControlB/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmniboxHeuristic/ConservativeAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=2492.01194780.892445823 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Jarda\AppData\Local\Google\Chrome\APPLIC~1\160912~1.77\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Jarda\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll" --lang=cs --channel=2492.070B6A80.138797722 --flash-broker=2476 /prefetch:4
"C:\Users\Jarda\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\bmqwkvg7.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\bmqwkvg7.default\extensions\
battlefieldplay4free@ea.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-01-05 79240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-09 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-08-15 7288424]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"Google Update"=C:\Users\Jarda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 19550344]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fylolt]
C:\Users\Jarda\AppData\Roaming\Fylolt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jarda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
C:\PROGRA~2\BINARY~1\HDDLIF~1\HDDLIF~1.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-15 1955208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv

======File associations======

.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.inf - install - %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-01-29 01:31:34 ----D---- C:\rsit
2012-01-29 00:51:23 ----D---- C:\Program Files (x86)\Seagate
2012-01-28 20:15:04 ----D---- C:\Users\Jarda\AppData\Roaming\Trine2
2012-01-28 20:12:34 ----D---- C:\Program Files (x86)\Frozenbyte
2012-01-27 22:11:38 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2012-01-26 22:26:54 ----D---- C:\ProgramData\TmForever
2012-01-26 22:24:53 ----D---- C:\Program Files (x86)\TmNationsForever
2012-01-24 20:33:30 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-01-24 20:33:26 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-01-24 16:49:50 ----D---- C:\Users\Jarda\AppData\Roaming\Need for Speed World
2012-01-23 19:41:56 ----D---- C:\ProgramData\DivoGames
2012-01-22 22:29:56 ----D---- C:\Users\Jarda\AppData\Roaming\bizarre creations
2012-01-22 22:15:27 ----D---- C:\Program Files (x86)\Blur
2012-01-22 12:26:16 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-01-21 19:37:43 ----D---- C:\Program Files (x86)\Focus Home Interactive
2012-01-16 16:49:58 ----D---- C:\Program Files\2K Games
2012-01-16 16:48:33 ----D---- C:\Users\Jarda\AppData\Roaming\Bioshock
2012-01-15 12:16:21 ----D---- C:\ProgramData\Codemasters
2012-01-15 12:12:03 ----A---- C:\Windows\SYSWOW64\rapture3d_oal.dll
2012-01-15 12:12:03 ----A---- C:\Windows\SYSWOW64\mkl_blueripple.dll
2012-01-15 12:12:02 ----D---- C:\Program Files (x86)\BRS
2012-01-15 12:12:01 ----D---- C:\Program Files (x86)\OpenAL
2012-01-15 12:12:01 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2012-01-15 12:12:01 ----A---- C:\Windows\system32\wrap_oal.dll
2012-01-15 12:12:01 ----A---- C:\Windows\system32\OpenAL32.dll
2012-01-15 12:12:00 ----RA---- C:\Windows\SYSWOW64\tmp9963.tmp
2012-01-15 12:12:00 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2012-01-14 17:35:39 ----D---- C:\Program Files (x86)\Microsoft WSE
2012-01-12 16:14:49 ----A---- C:\Windows\SYSWOW64\quartz.dll
2012-01-12 16:14:48 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-01-12 16:14:48 ----A---- C:\Windows\system32\quartz.dll
2012-01-12 16:14:48 ----A---- C:\Windows\system32\qdvd.dll
2012-01-12 16:14:47 ----A---- C:\Windows\system32\schannel.dll
2012-01-12 16:14:46 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-01-12 16:14:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-01-12 16:14:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-01-12 16:14:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\webio.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\sspisrv.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\sspicli.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\secur32.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\lsass.exe
2012-01-12 16:14:46 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-01-12 16:14:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-12 16:14:46 ----A---- C:\Windows\system32\drivers\cng.sys
2012-01-12 16:14:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-01-12 16:14:45 ----A---- C:\Windows\system32\jscript.dll
2012-01-12 16:14:29 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2012-01-12 16:14:29 ----A---- C:\Windows\system32\ntdll.dll
2012-01-12 16:14:23 ----A---- C:\Windows\system32\packager.dll
2012-01-12 16:14:22 ----A---- C:\Windows\SYSWOW64\packager.dll
2012-01-09 16:54:17 ----D---- C:\Program Files (x86)\SQUARE ENIX - Eidos Interactive
2012-01-06 00:31:22 ----A---- C:\Windows\system32\rtvcvfw32.dll
2012-01-06 00:31:18 ----D---- C:\Program Files (x86)\MSI Afterburner
2012-01-05 12:20:42 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-01-05 12:20:42 ----A---- C:\Windows\system32\javaws.exe
2012-01-05 12:20:42 ----A---- C:\Windows\system32\javaw.exe
2012-01-05 12:20:42 ----A---- C:\Windows\system32\java.exe
2012-01-05 12:20:42 ----A---- C:\Windows\system32\deployJava1.dll
2012-01-05 12:20:34 ----D---- C:\Program Files\Java
2012-01-05 12:15:17 ----D---- C:\Program Files (x86)\FileHippo.com
2012-01-04 19:02:35 ----D---- C:\ProgramData\NVIDIA
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvvsvc.exe
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvsvcr.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvsvc64.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvshext.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvmctray.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvcpl.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\easyupdatusapiu64.dll
2012-01-04 19:02:20 ----D---- C:\ProgramData\NVIDIA Corporation
2012-01-04 19:01:46 ----A---- C:\Windows\system32\nvhdap64.dll
2012-01-04 19:01:46 ----A---- C:\Windows\system32\nvhdagenco6420102.dll
2012-01-04 19:01:46 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2012-01-04 17:41:25 ----HD---- C:\Windows\msdownld.tmp
2012-01-03 15:55:34 ----D---- C:\Program Files (x86)\Core Design
2012-01-03 15:55:27 ----A---- C:\Windows\IsUninst.exe
2012-01-01 23:09:43 ----SHD---- C:\ProgramData\DSS
2011-12-31 21:53:45 ----D---- C:\Users\Jarda\AppData\Roaming\FUEL
2011-12-31 21:48:27 ----D---- C:\Program Files (x86)\Codemasters
2011-12-31 16:13:00 ----D---- C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2011-12-31 01:26:36 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-12-31 01:26:35 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe

======List of files/folders modified in the last 1 month======

2012-01-29 01:31:47 ----D---- C:\Program Files\trend micro
2012-01-29 01:28:19 ----D---- C:\Windows\temp
2012-01-29 01:26:59 ----SHD---- C:\System Volume Information
2012-01-29 01:26:24 ----SHD---- C:\Windows\Installer
2012-01-29 01:26:18 ----D---- C:\Windows\SysWOW64
2012-01-29 01:26:18 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-01-29 01:26:13 ----D---- C:\Windows\inf
2012-01-29 01:26:11 ----D---- C:\Windows\System32
2012-01-29 01:26:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-29 01:26:02 ----RSD---- C:\Windows\assembly
2012-01-29 01:24:27 ----D---- C:\Windows\Microsoft.NET
2012-01-29 01:14:06 ----D---- C:\Windows\system32\config
2012-01-29 01:12:42 ----D---- C:\Users\Jarda\AppData\Roaming\Skype
2012-01-29 01:09:09 ----D---- C:\Program Files (x86)\SpeedFan
2012-01-29 00:52:55 ----D---- C:\Windows
2012-01-29 00:51:23 ----RD---- C:\Program Files (x86)
2012-01-28 22:59:59 ----D---- C:\Windows\Prefetch
2012-01-28 22:59:58 ----RD---- C:\Program Files
2012-01-28 20:14:10 ----D---- C:\DOWNLOAD
2012-01-27 22:11:41 ----D---- C:\Windows\system32\drivers
2012-01-27 17:15:04 ----D---- C:\Users\Jarda\AppData\Roaming\uTorrent
2012-01-27 15:31:01 ----D---- C:\Users\Jarda\AppData\Roaming\DAEMON Tools Lite
2012-01-26 22:26:54 ----AD---- C:\ProgramData
2012-01-26 22:26:23 ----D---- C:\Windows\system32\catroot2
2012-01-26 19:19:06 ----D---- C:\Windows\system32\Tasks
2012-01-24 23:23:33 ----D---- C:\Windows\system32\catroot
2012-01-24 20:34:03 ----D---- C:\Windows\system32\DriverStore
2012-01-24 16:49:56 ----SD---- C:\Users\Jarda\AppData\Roaming\Microsoft
2012-01-23 22:24:01 ----D---- C:\ProgramData\Electronic Arts
2012-01-23 22:24:01 ----D---- C:\Program Files (x86)\Electronic Arts
2012-01-23 16:56:12 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-01-23 16:56:12 ----D---- C:\Program Files (x86)\Rockstar Games
2012-01-23 16:00:31 ----D---- C:\Program Files (x86)\World of Warcraft 3.3.5
2012-01-22 23:57:39 ----D---- C:\Windows\Tasks
2012-01-21 19:37:45 ----D---- C:\Windows\Logs
2012-01-21 19:26:48 ----D---- C:\Program Files (x86)\Atari
2012-01-21 19:26:20 ----D---- C:\Program Files (x86)\Common Files
2012-01-21 19:25:14 ----D---- C:\Program Files (x86)\Activision
2012-01-16 19:59:37 ----D---- C:\Program Files (x86)\2K Games
2012-01-15 12:12:27 ----D---- C:\Windows\winsxs
2012-01-15 12:11:05 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-01-15 12:10:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-01-15 11:10:20 ----D---- C:\Program Files\WinRAR
2012-01-15 00:31:33 ----D---- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-01-14 17:21:54 ----D---- C:\Program Files (x86)\EA GAMES
2012-01-13 20:52:22 ----D---- C:\ProgramData\Ubisoft
2012-01-13 20:37:03 ----D---- C:\Program Files (x86)\Ubisoft
2012-01-13 18:09:20 ----D---- C:\Windows\debug
2012-01-12 22:55:16 ----D---- C:\Windows\ehome
2012-01-12 16:16:58 ----D---- C:\ProgramData\Microsoft Help
2012-01-12 16:15:20 ----A---- C:\Windows\system32\MRT.exe
2012-01-07 01:37:15 ----D---- C:\Program Files (x86)\Mafia 2
2012-01-05 18:19:26 ----D---- C:\Program Files (x86)\World of Warcraft 4.0.6
2012-01-05 12:17:18 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-04 19:02:46 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-01-04 19:02:37 ----RD---- C:\Users
2012-01-04 19:02:36 ----D---- C:\Program Files\NVIDIA Corporation
2012-01-04 19:02:23 ----D---- C:\Windows\Help
2012-01-04 18:22:31 ----D---- C:\Fraps
2012-01-04 17:41:35 ----D---- C:\Windows\SYSWOW64\directx
2012-01-04 10:26:37 ----N---- C:\Windows\system32\MpSigStub.exe
2011-12-31 01:23:53 ----D---- C:\Program Files (x86)\Battlefield 3
2011-12-30 22:11:41 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-24 283200]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-16 3056360]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-10-27 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 177640]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2011-10-27 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2011-10-27 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2011-10-27 172104]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 xnacc;Služba ovladače pro řadič XBOX 360 pro systém Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 679936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-12-31 75136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Roli]

Zdravím, proč nepoužíváš antivir


Tohle fixni v HJT :

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jarda\AppData\Local\Google\Update\GoogleUpdate.exe" /c

HJT najdeš zde :

C:\Program Files\trend micro\Jarda.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

NVIDIA Update Service Daemon

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Users\Jarda\AppData\Roaming\Fylolt.exe
C:\Windows\SYSWOW64\tmp9963.tmp

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fylolt]

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[Jarda62]

Antivir tu mám Microsoft Security Essentials.

Fixnutí proběhlo v pořádku.

Po použití OTMoveIt po mě chtěl restart. Log zde:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\tmp9962.tmp moved successfully.
C:\WINDOWS\System32\tmp9963.tmp moved successfully.
C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP folder moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
File/Folder C:\Users\Jarda\AppData\Roaming\Fylolt.exe not found.
File/Folder C:\Windows\SYSWOW64\tmp9963.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fylolt\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jarda
->Temp folder emptied: 119810390 bytes
->Temporary Internet Files folder emptied: 10580917 bytes
->Java cache emptied: 14774 bytes
->FireFox cache emptied: 270468183 bytes
->Google Chrome cache emptied: 392297795 bytes
->Flash cache emptied: 5707 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92100 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 58868602 bytes

Total Files Cleaned = 813,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 01292012_175657

Files moved on Reboot...
C:\Users\Jarda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

[Roli]

Antivir tu mám Microsoft Security Essentials

Promiň, přehlédl jsem ho

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Pak dej vědět jaký je stav PC.

[Jarda62]

Tak CleanUP sem provedl.

A chci se zeptat proč mi běží proces mbamservice.exe, když mám program vypnutý?

Ještě sem hodím log pro jistotu. A není ještě něco čím bych mohl počítač vyčistit od nevyžádané hrozby?

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jarda at 2012-01-29 21:56:34
Microsoft Windows 7 Home Premium
System drive C: has 78 GB (16%) free of 477 GB
Total RAM: 8163 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:56:37, on 29.1.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jarda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6298 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {D1E94DFC-865A-400A-8A2B-4F822E41CE55}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 1608
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheListSize/CacheListSize_14/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmniboxHeuristic/ConservativeAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=3084.05194C00.326377662 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Jarda\AppData\Local\Google\Chrome\APPLIC~1\160912~1.77\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Jarda\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Jarda\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll" --lang=cs --channel=3084.087478C0.568444709 --flash-broker=3612 /prefetch:4
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Jarda\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\bmqwkvg7.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\bmqwkvg7.default\extensions\
battlefieldplay4free@ea.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-01-05 79240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-09 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-08-15 7288424]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 19550344]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fylolt]
C:\Users\Jarda\AppData\Roaming\Fylolt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jarda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
C:\PROGRA~2\BINARY~1\HDDLIF~1\HDDLIF~1.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-15 1955208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-01-29 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv

======File associations======

.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.inf - install - %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-01-29 21:56:34 ----D---- C:\rsit
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\url.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\msrating.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\msls31.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2012-01-29 21:46:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\wextract.exe
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\occache.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\mshta.exe
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\inseng.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\icardie.dll
2012-01-29 21:46:36 ----A---- C:\Windows\SYSWOW64\admparse.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\wininet.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\urlmon.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2012-01-29 21:46:36 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2012-01-29 21:46:36 ----A---- C:\Windows\system32\pngfilt.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\occache.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\msrating.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\msls31.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\mshtmler.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\mshtml.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\mshta.exe
2012-01-29 21:46:36 ----A---- C:\Windows\system32\msfeedssync.exe
2012-01-29 21:46:36 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\jsproxy.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\jscript9.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\jscript.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\imgutil.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\ieUnatt.exe
2012-01-29 21:46:36 ----A---- C:\Windows\system32\iesysprep.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\iertutil.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\iepeers.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\ieakui.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\ieaksie.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\ieakeng.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\IEAdvpack.dll
2012-01-29 21:46:36 ----A---- C:\Windows\system32\admparse.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\wextract.exe
2012-01-29 21:46:35 ----A---- C:\Windows\system32\webcheck.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\vbscript.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\url.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\mshtmled.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\msfeeds.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\licmgr10.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\inseng.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\iexpress.exe
2012-01-29 21:46:35 ----A---- C:\Windows\system32\ieui.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\iesetup.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\iernonce.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\ieframe.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\iedkcs32.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\ieapfltr.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\ieapfltr.dat
2012-01-29 21:46:35 ----A---- C:\Windows\system32\ie4uinit.exe
2012-01-29 21:46:35 ----A---- C:\Windows\system32\icardie.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\dxtrans.dll
2012-01-29 21:46:35 ----A---- C:\Windows\system32\dxtmsft.dll
2012-01-29 21:28:42 ----D---- C:\Users\Jarda\AppData\Roaming\.minecraft
2012-01-29 00:51:23 ----D---- C:\Program Files (x86)\Seagate
2012-01-28 20:15:04 ----D---- C:\Users\Jarda\AppData\Roaming\Trine2
2012-01-28 20:12:34 ----D---- C:\Program Files (x86)\Frozenbyte
2012-01-27 22:11:38 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2012-01-26 22:26:54 ----D---- C:\ProgramData\TmForever
2012-01-26 22:24:53 ----D---- C:\Program Files (x86)\TmNationsForever
2012-01-24 20:33:30 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-01-24 20:33:26 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-01-24 16:49:50 ----D---- C:\Users\Jarda\AppData\Roaming\Need for Speed World
2012-01-23 19:41:56 ----D---- C:\ProgramData\DivoGames
2012-01-22 22:29:56 ----D---- C:\Users\Jarda\AppData\Roaming\bizarre creations
2012-01-22 22:15:27 ----D---- C:\Program Files (x86)\Blur
2012-01-22 12:26:16 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-01-21 19:37:43 ----D---- C:\Program Files (x86)\Focus Home Interactive
2012-01-16 16:49:58 ----D---- C:\Program Files\2K Games
2012-01-16 16:48:33 ----D---- C:\Users\Jarda\AppData\Roaming\Bioshock
2012-01-15 12:16:21 ----D---- C:\ProgramData\Codemasters
2012-01-15 12:12:03 ----A---- C:\Windows\SYSWOW64\rapture3d_oal.dll
2012-01-15 12:12:03 ----A---- C:\Windows\SYSWOW64\mkl_blueripple.dll
2012-01-15 12:12:02 ----D---- C:\Program Files (x86)\BRS
2012-01-15 12:12:01 ----D---- C:\Program Files (x86)\OpenAL
2012-01-15 12:12:01 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2012-01-15 12:12:01 ----A---- C:\Windows\system32\wrap_oal.dll
2012-01-15 12:12:01 ----A---- C:\Windows\system32\OpenAL32.dll
2012-01-15 12:12:00 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2012-01-14 17:35:39 ----D---- C:\Program Files (x86)\Microsoft WSE
2012-01-12 16:14:49 ----A---- C:\Windows\SYSWOW64\quartz.dll
2012-01-12 16:14:48 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-01-12 16:14:48 ----A---- C:\Windows\system32\quartz.dll
2012-01-12 16:14:48 ----A---- C:\Windows\system32\qdvd.dll
2012-01-12 16:14:47 ----A---- C:\Windows\system32\schannel.dll
2012-01-12 16:14:46 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-01-12 16:14:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-01-12 16:14:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-01-12 16:14:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\webio.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\sspisrv.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\sspicli.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\secur32.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\lsass.exe
2012-01-12 16:14:46 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-12 16:14:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-01-12 16:14:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-12 16:14:46 ----A---- C:\Windows\system32\drivers\cng.sys
2012-01-12 16:14:29 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2012-01-12 16:14:29 ----A---- C:\Windows\system32\ntdll.dll
2012-01-12 16:14:23 ----A---- C:\Windows\system32\packager.dll
2012-01-12 16:14:22 ----A---- C:\Windows\SYSWOW64\packager.dll
2012-01-09 16:54:17 ----D---- C:\Program Files (x86)\SQUARE ENIX - Eidos Interactive
2012-01-06 00:31:22 ----A---- C:\Windows\system32\rtvcvfw32.dll
2012-01-06 00:31:18 ----D---- C:\Program Files (x86)\MSI Afterburner
2012-01-05 12:20:42 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-01-05 12:20:42 ----A---- C:\Windows\system32\javaws.exe
2012-01-05 12:20:42 ----A---- C:\Windows\system32\javaw.exe
2012-01-05 12:20:42 ----A---- C:\Windows\system32\java.exe
2012-01-05 12:20:42 ----A---- C:\Windows\system32\deployJava1.dll
2012-01-05 12:20:34 ----D---- C:\Program Files\Java
2012-01-05 12:15:17 ----D---- C:\Program Files (x86)\FileHippo.com
2012-01-04 19:02:35 ----D---- C:\ProgramData\NVIDIA
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvvsvc.exe
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvsvcr.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvsvc64.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvshext.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvmctray.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\nvcpl.dll
2012-01-04 19:02:27 ----A---- C:\Windows\system32\easyupdatusapiu64.dll
2012-01-04 19:02:20 ----D---- C:\ProgramData\NVIDIA Corporation
2012-01-04 19:01:46 ----A---- C:\Windows\system32\nvhdap64.dll
2012-01-04 19:01:46 ----A---- C:\Windows\system32\nvhdagenco6420102.dll
2012-01-04 19:01:46 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2012-01-03 15:55:34 ----D---- C:\Program Files (x86)\Core Design
2012-01-03 15:55:27 ----A---- C:\Windows\IsUninst.exe
2012-01-01 23:09:43 ----SHD---- C:\ProgramData\DSS
2011-12-31 21:53:45 ----D---- C:\Users\Jarda\AppData\Roaming\FUEL
2011-12-31 21:48:27 ----D---- C:\Program Files (x86)\Codemasters
2011-12-31 01:26:36 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-12-31 01:26:35 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe

======List of files/folders modified in the last 1 month======

2012-01-29 21:56:36 ----D---- C:\Program Files\trend micro
2012-01-29 21:56:30 ----D---- C:\Users\Jarda\AppData\Roaming\Skype
2012-01-29 21:55:20 ----D---- C:\Windows\temp
2012-01-29 21:54:49 ----D---- C:\Windows\system32\config
2012-01-29 21:49:29 ----D---- C:\Windows\winsxs
2012-01-29 21:49:08 ----D---- C:\Windows\Panther
2012-01-29 21:47:44 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-01-29 21:47:44 ----D---- C:\Program Files\Internet Explorer
2012-01-29 21:47:44 ----D---- C:\Program Files (x86)\Internet Explorer
2012-01-29 21:47:43 ----D---- C:\Windows\SYSWOW64\migration
2012-01-29 21:47:43 ----D---- C:\Windows\SYSWOW64\en-US
2012-01-29 21:47:43 ----D---- C:\Windows\SysWOW64
2012-01-29 21:47:43 ----D---- C:\Windows\system32\cs-CZ
2012-01-29 21:47:42 ----D---- C:\Windows\system32\migration
2012-01-29 21:47:42 ----D---- C:\Windows\system32\en-US
2012-01-29 21:47:42 ----D---- C:\Windows\System32
2012-01-29 21:47:42 ----D---- C:\Windows\PolicyDefinitions
2012-01-29 21:47:36 ----D---- C:\Users\Jarda\AppData\Roaming\uTorrent
2012-01-29 21:47:28 ----D---- C:\Windows\Logs
2012-01-29 21:47:17 ----D---- C:\Windows\system32\catroot
2012-01-29 21:47:16 ----D---- C:\Windows\system32\catroot2
2012-01-29 21:44:13 ----D---- C:\Windows
2012-01-29 21:44:09 ----SHD---- C:\System Volume Information
2012-01-29 21:25:33 ----D---- C:\DOWNLOAD
2012-01-29 20:00:50 ----D---- C:\Windows\inf
2012-01-29 20:00:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-29 19:52:07 ----SHD---- C:\Windows\Installer
2012-01-29 19:51:55 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-01-29 19:51:37 ----RSD---- C:\Windows\assembly
2012-01-29 18:21:51 ----D---- C:\Windows\Microsoft.NET
2012-01-29 15:40:06 ----D---- C:\Program Files (x86)\SpeedFan
2012-01-29 14:57:14 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2012-01-29 00:51:23 ----RD---- C:\Program Files (x86)
2012-01-28 22:59:59 ----D---- C:\Windows\Prefetch
2012-01-28 22:59:58 ----RD---- C:\Program Files
2012-01-27 22:11:41 ----D---- C:\Windows\system32\drivers
2012-01-27 15:31:01 ----D---- C:\Users\Jarda\AppData\Roaming\DAEMON Tools Lite
2012-01-26 22:26:54 ----AD---- C:\ProgramData
2012-01-26 19:19:06 ----D---- C:\Windows\system32\Tasks
2012-01-24 20:34:03 ----D---- C:\Windows\system32\DriverStore
2012-01-24 16:49:56 ----SD---- C:\Users\Jarda\AppData\Roaming\Microsoft
2012-01-23 22:24:01 ----D---- C:\ProgramData\Electronic Arts
2012-01-23 22:24:01 ----D---- C:\Program Files (x86)\Electronic Arts
2012-01-23 16:56:12 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-01-23 16:56:12 ----D---- C:\Program Files (x86)\Rockstar Games
2012-01-23 16:00:31 ----D---- C:\Program Files (x86)\World of Warcraft 3.3.5
2012-01-22 23:57:39 ----D---- C:\Windows\Tasks
2012-01-21 19:26:48 ----D---- C:\Program Files (x86)\Atari
2012-01-21 19:26:20 ----D---- C:\Program Files (x86)\Common Files
2012-01-21 19:26:10 ----D---- C:\Users\Jarda\AppData\Roaming\Atari
2012-01-21 19:25:14 ----D---- C:\Program Files (x86)\Activision
2012-01-16 19:59:37 ----D---- C:\Program Files (x86)\2K Games
2012-01-15 12:11:05 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-01-15 12:10:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-01-15 11:10:20 ----D---- C:\Program Files\WinRAR
2012-01-15 00:31:33 ----D---- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-01-14 17:21:54 ----D---- C:\Program Files (x86)\EA GAMES
2012-01-13 20:52:22 ----D---- C:\ProgramData\Ubisoft
2012-01-13 20:37:03 ----D---- C:\Program Files (x86)\Ubisoft
2012-01-13 18:09:20 ----D---- C:\Windows\debug
2012-01-12 22:55:16 ----D---- C:\Windows\ehome
2012-01-12 16:16:58 ----D---- C:\ProgramData\Microsoft Help
2012-01-12 16:15:20 ----A---- C:\Windows\system32\MRT.exe
2012-01-07 01:37:15 ----D---- C:\Program Files (x86)\Mafia 2
2012-01-05 18:19:26 ----D---- C:\Program Files (x86)\World of Warcraft 4.0.6
2012-01-05 12:17:18 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-04 19:02:46 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-01-04 19:02:37 ----RD---- C:\Users
2012-01-04 19:02:36 ----D---- C:\Program Files\NVIDIA Corporation
2012-01-04 19:02:23 ----D---- C:\Windows\Help
2012-01-04 18:22:31 ----D---- C:\Fraps
2012-01-04 17:41:35 ----D---- C:\Windows\SYSWOW64\directx
2012-01-04 10:26:37 ----N---- C:\Windows\system32\MpSigStub.exe
2011-12-31 01:23:53 ----D---- C:\Program Files (x86)\Battlefield 3
2011-12-30 22:11:41 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-24 283200]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-16 3056360]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-10-27 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 177640]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2011-10-27 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2011-10-27 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2011-10-27 172104]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 xnacc;Služba ovladače pro řadič XBOX 360 pro systém Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 679936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-12-31 75136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

-----------------EOF-----------------

[Roli]

To že běží ten proces od Mbam je po jeho instalaci normální, stačí v nastavení zrušit spouštění po startu PC.

Ještě tam pustíme větší kalibr, protože jeden soubor se nesmazal.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[Jarda62]

A ještě mi přijde že disk furt něco dělá. Je slyšet i když na pc nic nedělám. Nešlo by zjistit jestli je v něčem chybka?
Zde je log:

ComboFix 12-01-29.02 - Jarda 29.01.2012 22:46:52.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.8163.6599 [GMT 1:00]
Spuštěný z: c:\users\Jarda\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-28 do 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 21:49 . 2012-01-29 21:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-29 21:49 . 2012-01-29 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 20:56 . 2012-01-29 20:56 -------- d-----w- C:\rsit
2012-01-29 20:28 . 2012-01-29 20:28 -------- d-----w- c:\users\Jarda\AppData\Roaming\.minecraft
2012-01-29 18:52 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65AE9CEE-09AD-4370-A0A8-6DE5DA2CD212}\mpengine.dll
2012-01-28 23:51 . 2012-01-28 23:51 -------- d-----w- c:\program files (x86)\Seagate
2012-01-28 19:15 . 2012-01-28 19:15 -------- d-----w- c:\users\Jarda\AppData\Roaming\Trine2
2012-01-28 19:12 . 2012-01-28 19:12 -------- d-----w- c:\program files (x86)\Frozenbyte
2012-01-27 21:11 . 2012-01-29 21:45 -------- d-----w- c:\users\Jarda\AppData\Local\LogMeIn Hamachi
2012-01-27 21:11 . 2012-01-27 21:11 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-01-26 21:26 . 2012-01-26 21:47 -------- d-----w- c:\programdata\TmForever
2012-01-26 21:24 . 2012-01-26 21:25 -------- d-----w- c:\program files (x86)\TmNationsForever
2012-01-24 19:33 . 2012-01-24 19:33 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-24 19:33 . 2012-01-24 19:33 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-24 15:49 . 2012-01-24 15:49 -------- d-----w- c:\users\Jarda\AppData\Roaming\Need for Speed World
2012-01-23 21:24 . 2012-01-23 21:24 -------- d-----w- c:\users\Jarda\AppData\Local\Electronic_Arts_Inc
2012-01-23 18:41 . 2012-01-23 18:41 -------- d-----w- c:\programdata\DivoGames
2012-01-22 22:57 . 2012-01-22 22:58 -------- d-----w- c:\users\Jarda\AppData\Local\Google
2012-01-22 21:29 . 2012-01-22 21:29 -------- d-----w- c:\users\Jarda\AppData\Roaming\bizarre creations
2012-01-22 21:15 . 2012-01-29 17:46 -------- d-----w- c:\program files (x86)\Blur
2012-01-21 18:37 . 2012-01-21 18:37 -------- d-----w- c:\users\Jarda\AppData\Local\Focus Home Interactive
2012-01-21 18:37 . 2012-01-21 18:37 -------- d-----w- c:\program files (x86)\Focus Home Interactive
2012-01-16 15:49 . 2012-01-16 15:49 -------- d-----w- c:\program files\2K Games
2012-01-16 15:48 . 2012-01-18 17:25 -------- d-----w- c:\users\Jarda\AppData\Roaming\Bioshock
2012-01-15 11:16 . 2012-01-15 11:16 -------- d-----w- c:\programdata\Codemasters
2012-01-15 11:12 . 2011-05-06 12:40 1302528 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-01-15 11:12 . 2010-09-22 13:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2012-01-15 11:12 . 2012-01-15 11:12 -------- d-----w- c:\program files (x86)\BRS
2012-01-15 11:12 . 2012-01-15 11:12 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-15 11:12 . 2012-01-15 11:12 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-15 11:12 . 2012-01-15 11:12 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-15 11:12 . 2012-01-15 11:12 -------- d-----w- c:\program files (x86)\OpenAL
2012-01-15 11:12 . 2012-01-15 11:12 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-14 16:35 . 2012-01-14 16:35 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-01-09 15:54 . 2012-01-09 15:54 -------- d-----w- c:\program files (x86)\SQUARE ENIX - Eidos Interactive
2012-01-05 23:31 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2012-01-05 23:31 . 2012-01-14 11:30 -------- d-----w- c:\program files (x86)\MSI Afterburner
2012-01-05 11:20 . 2012-01-05 11:20 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-05 11:20 . 2012-01-05 11:20 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-05 11:20 . 2012-01-05 11:20 -------- d-----w- c:\program files\Java
2012-01-05 11:15 . 2012-01-05 11:15 -------- d-----w- c:\program files (x86)\FileHippo.com
2012-01-04 18:02 . 2012-01-04 18:02 -------- d-----w- c:\users\UpdatusUser
2012-01-04 18:02 . 2012-01-29 21:50 -------- d-----w- c:\programdata\NVIDIA
2012-01-04 18:02 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-01-04 18:02 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2012-01-04 18:02 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-01-04 18:02 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-04 18:02 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2012-01-04 18:02 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2012-01-04 18:02 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-04 18:02 . 2012-01-04 18:02 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-04 18:01 . 2011-07-07 23:21 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2012-01-04 18:01 . 2011-07-07 23:21 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-01-04 18:01 . 2011-07-07 23:21 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll
2012-01-03 14:55 . 2012-01-03 14:55 -------- d-----w- c:\program files (x86)\Core Design
2012-01-03 14:55 . 1997-06-02 11:32 314880 ----a-w- c:\windows\IsUninst.exe
2012-01-01 22:09 . 2012-01-01 22:09 -------- d-sh--w- c:\programdata\DSS
2011-12-31 20:53 . 2011-12-31 20:53 -------- d-----w- c:\users\Jarda\AppData\Roaming\FUEL
2011-12-31 20:48 . 2012-01-22 21:29 -------- d-----w- c:\program files (x86)\Codemasters
2011-12-31 15:12 . 2012-01-28 23:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-12-31 00:29 . 2011-12-31 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-31 00:26 . 2011-12-31 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-31 00:26 . 2011-12-31 00:26 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-15 11:17 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-15 11:17 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-06 05:15 . 2011-12-21 17:46 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2011-12-08 21:30 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-21 13:23 . 2011-12-21 13:23 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{259B48DE-15A5-4C16-8349-C37BB990A7E2}\gapaengine.dll
2011-12-10 14:24 . 2011-12-20 22:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 14:24 . 2011-12-09 14:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-08 22:57 . 2011-12-08 22:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 21:36 . 2011-12-08 21:36 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-08 21:30 . 2011-12-20 21:34 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0DC7132-51FC-4377-B6FD-2C4A9B0CF2AA}\mpengine.dll
2011-11-24 05:00 . 2011-12-14 17:13 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 07:10 . 2012-01-12 15:14 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:39 . 2012-01-12 15:14 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-05 05:17 . 2011-12-14 17:13 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:30 . 2011-12-14 17:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000Core.job
- c:\users\Jarda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 22:57]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000UA.job
- c:\users\Jarda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 22:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-15 7288424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\bmqwkvg7.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-Minecraft Cracked - c:\users\Jarda\AppData\Roaming\.minecraft\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3344855712-2548836808-2162885872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,ef,af,33,c3,a5,c9,7d,8e,6f,88,28,44,a0,db,34,22,31,8f,f7,1c,ed,a9,
3a,d8,a7,0c,39,b0,5f,4f,15,02,74,2a,09,40,ef,70,8d,e9,4b,14,a0,86,70,c5,ef,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3344855712-2548836808-2162885872-1000\Software\SecuROM\License information*]
"datasecu"=hex:24,18,3e,bd,f5,8a,21,0f,ce,c3,df,7a,29,b7,ce,9e,10,db,cf,d3,3d,
35,c5,51,e3,4f,7b,bd,b0,62,9e,a9,b4,30,6f,9a,9b,97,c4,b1,e7,db,5c,3e,a3,03,\
"rkeysecu"=hex:4c,63,69,2b,59,a1,c3,1d,c3,e1,c0,29,d0,6a,5d,ee
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-01-29 22:54:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-29 21:54
.
Před spuštěním: Volných bajtů: 81 343 049 728
Po spuštění: Volných bajtů: 80 981 532 672
.
- - End Of File - - 1CDF8F1F6604476CABC1411785515DD1

[Roli]

Než budeme pokračovat tohle :

c:\windows\system32\rtvcvfw32.dll

otestuj na VIRUSTOTAL

(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor

trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)

Pokud ti to napíše že soubor již byl testován nech otestovat znovu.

[Jarda62]

Divné když ten soubor hledám přes tu internetovou stránku tak tam neni. Ale přes průzkumníka tam je.

[Roli]

Čistě teoreticky by to mělo být k aplikaci od MSI na přetaktování.

Tak se zeptám máš některou komponentu (základní desku, grafiku) od MSI

Nebo jdi na VIRUSSCAN

otestuj znovu :

c:\windows\system32\rtvcvfw32.dll

v horním okénku klikni na Procházet najdi soubor, klikni na Odeslat soubor

a po skončení testu mi sem zkopíruj Trvalý odkaz.

[Jarda62]

Od MSI mám základní desku a grafiku . Program na přetaktování tu mám MSI Afterburner. Zvýšený takty nemám.

Jinak na té stránce to taky píše že požadovaný soubor byl nenalezen.

[Roli]

V tom případě to bude v pohodě, ale ještě dočistíme.


Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock::  
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[Jarda62]

Po spuštění na mě vyskočil dotaz že je možno aktualizovat ComboFix. Dal sem ano a tady je log:

ComboFix 12-01-29.02 - Jarda 29.01.2012 22:46:52.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.8163.6599 [GMT 1:00]
Spuštěný z: c:\users\Jarda\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-28 do 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 21:49 . 2012-01-29 21:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-29 21:49 . 2012-01-29 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 20:56 . 2012-01-29 20:56 -------- d-----w- C:\rsit
2012-01-29 20:28 . 2012-01-29 20:28 -------- d-----w- c:\users\Jarda\AppData\Roaming\.minecraft
2012-01-29 18:52 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65AE9CEE-09AD-4370-A0A8-6DE5DA2CD212}\mpengine.dll
2012-01-28 23:51 . 2012-01-28 23:51 -------- d-----w- c:\program files (x86)\Seagate
2012-01-28 19:15 . 2012-01-28 19:15 -------- d-----w- c:\users\Jarda\AppData\Roaming\Trine2
2012-01-28 19:12 . 2012-01-28 19:12 -------- d-----w- c:\program files (x86)\Frozenbyte
2012-01-27 21:11 . 2012-01-29 21:45 -------- d-----w- c:\users\Jarda\AppData\Local\LogMeIn Hamachi
2012-01-27 21:11 . 2012-01-27 21:11 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-01-26 21:26 . 2012-01-26 21:47 -------- d-----w- c:\programdata\TmForever
2012-01-26 21:24 . 2012-01-26 21:25 -------- d-----w- c:\program files (x86)\TmNationsForever
2012-01-24 19:33 . 2012-01-24 19:33 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-24 19:33 . 2012-01-24 19:33 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-24 15:49 . 2012-01-24 15:49 -------- d-----w- c:\users\Jarda\AppData\Roaming\Need for Speed World
2012-01-23 21:24 . 2012-01-23 21:24 -------- d-----w- c:\users\Jarda\AppData\Local\Electronic_Arts_Inc
2012-01-23 18:41 . 2012-01-23 18:41 -------- d-----w- c:\programdata\DivoGames
2012-01-22 22:57 . 2012-01-22 22:58 -------- d-----w- c:\users\Jarda\AppData\Local\Google
2012-01-22 21:29 . 2012-01-22 21:29 -------- d-----w- c:\users\Jarda\AppData\Roaming\bizarre creations
2012-01-22 21:15 . 2012-01-29 17:46 -------- d-----w- c:\program files (x86)\Blur
2012-01-21 18:37 . 2012-01-21 18:37 -------- d-----w- c:\users\Jarda\AppData\Local\Focus Home Interactive
2012-01-21 18:37 . 2012-01-21 18:37 -------- d-----w- c:\program files (x86)\Focus Home Interactive
2012-01-16 15:49 . 2012-01-16 15:49 -------- d-----w- c:\program files\2K Games
2012-01-16 15:48 . 2012-01-18 17:25 -------- d-----w- c:\users\Jarda\AppData\Roaming\Bioshock
2012-01-15 11:16 . 2012-01-15 11:16 -------- d-----w- c:\programdata\Codemasters
2012-01-15 11:12 . 2011-05-06 12:40 1302528 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-01-15 11:12 . 2010-09-22 13:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2012-01-15 11:12 . 2012-01-15 11:12 -------- d-----w- c:\program files (x86)\BRS
2012-01-15 11:12 . 2012-01-15 11:12 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-15 11:12 . 2012-01-15 11:12 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-15 11:12 . 2012-01-15 11:12 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-15 11:12 . 2012-01-15 11:12 -------- d-----w- c:\program files (x86)\OpenAL
2012-01-15 11:12 . 2012-01-15 11:12 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-14 16:35 . 2012-01-14 16:35 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-01-09 15:54 . 2012-01-09 15:54 -------- d-----w- c:\program files (x86)\SQUARE ENIX - Eidos Interactive
2012-01-05 23:31 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2012-01-05 23:31 . 2012-01-14 11:30 -------- d-----w- c:\program files (x86)\MSI Afterburner
2012-01-05 11:20 . 2012-01-05 11:20 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-05 11:20 . 2012-01-05 11:20 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-05 11:20 . 2012-01-05 11:20 -------- d-----w- c:\program files\Java
2012-01-05 11:15 . 2012-01-05 11:15 -------- d-----w- c:\program files (x86)\FileHippo.com
2012-01-04 18:02 . 2012-01-04 18:02 -------- d-----w- c:\users\UpdatusUser
2012-01-04 18:02 . 2012-01-29 21:50 -------- d-----w- c:\programdata\NVIDIA
2012-01-04 18:02 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-01-04 18:02 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2012-01-04 18:02 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-01-04 18:02 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-04 18:02 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2012-01-04 18:02 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2012-01-04 18:02 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-04 18:02 . 2012-01-04 18:02 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-04 18:01 . 2011-07-07 23:21 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2012-01-04 18:01 . 2011-07-07 23:21 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-01-04 18:01 . 2011-07-07 23:21 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll
2012-01-03 14:55 . 2012-01-03 14:55 -------- d-----w- c:\program files (x86)\Core Design
2012-01-03 14:55 . 1997-06-02 11:32 314880 ----a-w- c:\windows\IsUninst.exe
2012-01-01 22:09 . 2012-01-01 22:09 -------- d-sh--w- c:\programdata\DSS
2011-12-31 20:53 . 2011-12-31 20:53 -------- d-----w- c:\users\Jarda\AppData\Roaming\FUEL
2011-12-31 20:48 . 2012-01-22 21:29 -------- d-----w- c:\program files (x86)\Codemasters
2011-12-31 15:12 . 2012-01-28 23:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-12-31 00:29 . 2011-12-31 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-31 00:26 . 2011-12-31 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-31 00:26 . 2011-12-31 00:26 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-15 11:17 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-15 11:17 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-06 05:15 . 2011-12-21 17:46 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2011-12-08 21:30 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-21 13:23 . 2011-12-21 13:23 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{259B48DE-15A5-4C16-8349-C37BB990A7E2}\gapaengine.dll
2011-12-10 14:24 . 2011-12-20 22:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 14:24 . 2011-12-09 14:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-08 22:57 . 2011-12-08 22:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 21:36 . 2011-12-08 21:36 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-08 21:30 . 2011-12-20 21:34 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0DC7132-51FC-4377-B6FD-2C4A9B0CF2AA}\mpengine.dll
2011-11-24 05:00 . 2011-12-14 17:13 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 07:10 . 2012-01-12 15:14 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:39 . 2012-01-12 15:14 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-05 05:17 . 2011-12-14 17:13 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:30 . 2011-12-14 17:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000Core.job
- c:\users\Jarda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 22:57]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000UA.job
- c:\users\Jarda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 22:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-15 7288424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\bmqwkvg7.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-Minecraft Cracked - c:\users\Jarda\AppData\Roaming\.minecraft\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3344855712-2548836808-2162885872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,ef,af,33,c3,a5,c9,7d,8e,6f,88,28,44,a0,db,34,22,31,8f,f7,1c,ed,a9,
3a,d8,a7,0c,39,b0,5f,4f,15,02,74,2a,09,40,ef,70,8d,e9,4b,14,a0,86,70,c5,ef,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3344855712-2548836808-2162885872-1000\Software\SecuROM\License information*]
"datasecu"=hex:24,18,3e,bd,f5,8a,21,0f,ce,c3,df,7a,29,b7,ce,9e,10,db,cf,d3,3d,
35,c5,51,e3,4f,7b,bd,b0,62,9e,a9,b4,30,6f,9a,9b,97,c4,b1,e7,db,5c,3e,a3,03,\
"rkeysecu"=hex:4c,63,69,2b,59,a1,c3,1d,c3,e1,c0,29,d0,6a,5d,ee
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-01-29 22:54:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-29 21:54
.
Před spuštěním: Volných bajtů: 81 343 049 728
Po spuštění: Volných bajtů: 80 981 532 672
.
- - End Of File - - 1CDF8F1F6604476CABC1411785515DD1

[Roli]

To je sice hezké že jsi aktualizoval ComboFix, ale neudělal jsi správně tu akci s tím skriptem.

Tak že znovu a pořádně

[Jarda62]

Omlouvám se, snad už je to teď v pořádku.

ComboFix 12-01-30.02 - Jarda 31.01.2012 21:42:04.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.8163.6589 [GMT 1:00]
Spuštěný z: c:\users\Jarda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jarda\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-28 do 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 20:45 . 2012-01-31 20:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-31 20:45 . 2012-01-31 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-30 22:03 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF5483E5-96A4-4F6D-8719-E54FC38B481C}\mpengine.dll
2012-01-29 20:56 . 2012-01-29 20:56 -------- d-----w- C:\rsit
2012-01-29 20:28 . 2012-01-29 20:28 -------- d-----w- c:\users\Jarda\AppData\Roaming\.minecraft
2012-01-28 23:51 . 2012-01-28 23:51 -------- d-----w- c:\program files (x86)\Seagate
2012-01-28 19:15 . 2012-01-28 19:15 -------- d-----w- c:\users\Jarda\AppData\Roaming\Trine2
2012-01-28 19:12 . 2012-01-28 19:12 -------- d-----w- c:\program files (x86)\Frozenbyte
2012-01-27 21:11 . 2012-01-31 15:27 -------- d-----w- c:\users\Jarda\AppData\Local\LogMeIn Hamachi
2012-01-27 21:11 . 2012-01-27 21:11 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-01-26 21:26 . 2012-01-26 21:47 -------- d-----w- c:\programdata\TmForever
2012-01-26 21:24 . 2012-01-26 21:25 -------- d-----w- c:\program files (x86)\TmNationsForever
2012-01-24 19:33 . 2012-01-24 19:33 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-24 19:33 . 2012-01-24 19:33 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-24 15:49 . 2012-01-24 15:49 -------- d-----w- c:\users\Jarda\AppData\Roaming\Need for Speed World
2012-01-23 21:24 . 2012-01-23 21:24 -------- d-----w- c:\users\Jarda\AppData\Local\Electronic_Arts_Inc
2012-01-23 18:41 . 2012-01-23 18:41 -------- d-----w- c:\programdata\DivoGames
2012-01-22 22:57 . 2012-01-22 22:58 -------- d-----w- c:\users\Jarda\AppData\Local\Google
2012-01-22 21:29 . 2012-01-22 21:29 -------- d-----w- c:\users\Jarda\AppData\Roaming\bizarre creations
2012-01-22 21:15 . 2012-01-29 17:46 -------- d-----w- c:\program files (x86)\Blur
2012-01-21 18:37 . 2012-01-21 18:37 -------- d-----w- c:\users\Jarda\AppData\Local\Focus Home Interactive
2012-01-21 18:37 . 2012-01-21 18:37 -------- d-----w- c:\program files (x86)\Focus Home Interactive
2012-01-16 15:49 . 2012-01-16 15:49 -------- d-----w- c:\program files\2K Games
2012-01-16 15:48 . 2012-01-18 17:25 -------- d-----w- c:\users\Jarda\AppData\Roaming\Bioshock
2012-01-15 11:16 . 2012-01-15 11:16 -------- d-----w- c:\programdata\Codemasters
2012-01-15 11:12 . 2011-05-06 12:40 1302528 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-01-15 11:12 . 2010-09-22 13:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2012-01-15 11:12 . 2012-01-15 11:12 -------- d-----w- c:\program files (x86)\BRS
2012-01-15 11:12 . 2012-01-15 11:12 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-15 11:12 . 2012-01-15 11:12 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-15 11:12 . 2012-01-15 11:12 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-15 11:12 . 2012-01-15 11:12 -------- d-----w- c:\program files (x86)\OpenAL
2012-01-15 11:12 . 2012-01-15 11:12 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-14 16:35 . 2012-01-14 16:35 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-01-09 15:54 . 2012-01-09 15:54 -------- d-----w- c:\program files (x86)\SQUARE ENIX - Eidos Interactive
2012-01-05 23:31 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2012-01-05 23:31 . 2012-01-14 11:30 -------- d-----w- c:\program files (x86)\MSI Afterburner
2012-01-05 11:20 . 2012-01-05 11:20 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-05 11:20 . 2012-01-05 11:20 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-05 11:20 . 2012-01-05 11:20 -------- d-----w- c:\program files\Java
2012-01-05 11:15 . 2012-01-05 11:15 -------- d-----w- c:\program files (x86)\FileHippo.com
2012-01-04 18:02 . 2012-01-04 18:02 -------- d-----w- c:\users\UpdatusUser
2012-01-04 18:02 . 2012-01-31 20:46 -------- d-----w- c:\programdata\NVIDIA
2012-01-04 18:02 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-01-04 18:02 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2012-01-04 18:02 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-01-04 18:02 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-04 18:02 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2012-01-04 18:02 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2012-01-04 18:02 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-04 18:02 . 2012-01-04 18:02 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-04 18:01 . 2011-07-07 23:21 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2012-01-04 18:01 . 2011-07-07 23:21 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-01-04 18:01 . 2011-07-07 23:21 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll
2012-01-03 14:55 . 2012-01-03 14:55 -------- d-----w- c:\program files (x86)\Core Design
2012-01-03 14:55 . 1997-06-02 11:32 314880 ----a-w- c:\windows\IsUninst.exe
2012-01-01 22:09 . 2012-01-01 22:09 -------- d-sh--w- c:\programdata\DSS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-15 11:17 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-15 11:17 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-06 05:15 . 2011-12-21 17:46 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2011-12-08 21:30 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-31 00:29 . 2011-12-31 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-31 00:29 . 2011-12-31 00:26 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-31 00:26 . 2011-12-31 00:26 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-21 13:23 . 2011-12-21 13:23 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{259B48DE-15A5-4C16-8349-C37BB990A7E2}\gapaengine.dll
2011-12-10 14:24 . 2011-12-20 22:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 14:24 . 2011-12-09 14:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-08 22:57 . 2011-12-08 22:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 21:36 . 2011-12-08 21:36 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-08 21:30 . 2011-12-20 21:34 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0DC7132-51FC-4377-B6FD-2C4A9B0CF2AA}\mpengine.dll
2011-11-24 05:00 . 2011-12-14 17:13 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 07:10 . 2012-01-12 15:14 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:39 . 2012-01-12 15:14 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-05 05:17 . 2011-12-14 17:13 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:30 . 2011-12-14 17:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-29_21.50.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-08 20:56 . 2012-01-31 11:29 24106 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-31 11:29 28120 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-09 03:32 . 2012-01-31 11:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 03:32 . 2012-01-29 21:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-29 20:46 . 2012-01-29 21:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-29 20:46 . 2012-01-31 11:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-29 21:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-31 11:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-29 21:57 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-09 03:36 . 2012-01-31 11:29 6772 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3344855712-2548836808-2162885872-1000_UserData.bin
- 2012-01-29 21:50 . 2012-01-29 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-31 20:46 . 2012-01-31 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-31 20:46 . 2012-01-31 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-29 21:50 . 2012-01-29 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-01-31 11:32 654250 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-29 20:56 654250 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2012-01-29 20:56 668506 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2012-01-31 11:32 668506 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-01-29 20:56 122082 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-31 11:32 122082 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-01-29 20:56 141102 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-01-31 11:32 141102 c:\windows\system32\perfc005.dat
+ 2012-01-31 11:27 . 2012-01-31 11:27 338336 c:\windows\system32\FNTCACHE.DAT
- 2012-01-22 11:26 . 2012-01-22 11:26 338336 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:01 . 2012-01-29 21:49 315156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-31 20:45 315156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-01-29 21:05 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-01-31 12:42 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-12-08 22:07 . 2012-01-31 20:45 33529736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3344855712-2548836808-2162885872-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000Core.job
- c:\users\Jarda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 22:57]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344855712-2548836808-2162885872-1000UA.job
- c:\users\Jarda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 22:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-15 7288424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\bmqwkvg7.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3344855712-2548836808-2162885872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,ef,af,33,c3,a5,c9,7d,8e,6f,88,28,44,a0,db,34,22,31,8f,f7,1c,ed,a9,
3a,d8,a7,0c,39,b0,5f,4f,15,02,74,2a,09,40,ef,70,8d,e9,4b,14,a0,86,70,c5,ef,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3344855712-2548836808-2162885872-1000\Software\SecuROM\License information*]
"datasecu"=hex:24,18,3e,bd,f5,8a,21,0f,ce,c3,df,7a,29,b7,ce,9e,10,db,cf,d3,3d,
35,c5,51,e3,4f,7b,bd,b0,62,9e,a9,b4,30,6f,9a,9b,97,c4,b1,e7,db,5c,3e,a3,03,\
"rkeysecu"=hex:4c,63,69,2b,59,a1,c3,1d,c3,e1,c0,29,d0,6a,5d,ee
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-01-31 21:49:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-31 20:49
ComboFix2.txt 2012-01-30 21:55
ComboFix3.txt 2012-01-29 21:54
.
Před spuštěním: Volných bajtů: 80 944 156 672
Po spuštění: Volných bajtů: 80 664 309 760
.
- - End Of File - - B498108AD75190DA26C5F22FB363C4CD