VIRY.CZ

Dobrý den, občas se mi stane že se počítač sekne a já nemohu nic dělat, mohu jen hýbat myší jinak nic nefunguje, ani "ctrl + alt + delete".
Počítač musím vypnout natvrdo, pokavaď mám puštěné video tak stále běží ale jak jsem řekl nemohu nic dělat, jako kdyby z ničeho nic přestali fungovat všechny tlačítka... Prosím o pomoc, zde je log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Bagroup at 2012-02-09 11:06:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 652 GB (93%) free of 704 GB
Total RAM: 4094 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:37, on 9.2.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Users\Bagroup\Desktop\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Bagroup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2790392
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/howfytdl/{6A7 ... 606E952FE3}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Bagroup\AppData\Roaming\Complitly\AutocompletePro.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9050 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Bagroup\AppData\Roaming\Mozilla\Firefox\Profiles\r362qk46.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Bagroup\AppData\Roaming\Mozilla\Firefox\Profiles\r362qk46.default\extensions\
yasearch@yandex.ru
{33e0daa6-3af3-d8b5-6752-10e949c61516}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

C:\Users\Bagroup\AppData\Roaming\Mozilla\Firefox\Profiles\r362qk46.default\searchplugins\
conduit.xml
search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Users\Bagroup\AppData\Roaming\Complitly\AutocompletePro.dll [2011-02-27 139768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-01-13 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-13 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"KBD"=C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [2008-07-21 12288]
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [2008-10-13 281600]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-01-27 61440]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016]
"UpdateP2GoShortCut"=c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdateLBPShortCut"=c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdatePDIRShortCut"=c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdatePSTShortCut"=c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2009-02-02 210216]
"TSMAgent"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2009-04-09 1328424]
"CLMLServer for HP TouchSmart"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-04-09 185640]
"DVDAgent"=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-03-19 1148200]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE [2009-04-11 1555968]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-11-09 17049736]
"BitTorrent"=C:\Program Files (x86)\BitTorrent\BitTorrent.exe /MINIMIZED []
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-02-09 11:06:31 ----D---- C:\rsit
2012-02-09 11:06:31 ----D---- C:\Program Files (x86)\trend micro
2012-02-09 09:30:02 ----D---- C:\Users\Bagroup\AppData\Roaming\BSplayer Pro
2012-02-09 09:30:02 ----D---- C:\Users\Bagroup\AppData\Roaming\BSplayer
2012-02-09 09:30:01 ----D---- C:\Program Files (x86)\Webteh
2012-02-06 12:05:23 ----A---- C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-02-06 12:01:50 ----A---- C:\Windows\SysWOW64\pbsvc.exe
2012-02-05 13:24:02 ----D---- C:\Users\Bagroup\AppData\Roaming\TeamViewer
2012-02-04 16:35:25 ----SHD---- C:\Windows\ftpcache
2012-01-27 19:44:40 ----D---- C:\Program Files (x86)\Common Files\Steam
2012-01-27 15:57:41 ----A---- C:\Windows\SysWOW64\schannel.dll
2012-01-27 15:57:40 ----A---- C:\Windows\SysWOW64\winhttp.dll
2012-01-27 15:57:40 ----A---- C:\Windows\SysWOW64\secur32.dll
2012-01-21 15:22:15 ----A---- C:\Windows\SysWOW64\XpsPrint.dll
2012-01-21 03:47:26 ----D---- C:\CFLog
2012-01-21 03:08:22 ----D---- C:\Windows\SysWOW64\spool
2012-01-21 03:08:22 ----D---- C:\Program Files (x86)\Windows Portable Devices
2012-01-20 22:21:01 ----A---- C:\Windows\SysWOW64\WMPhoto.dll
2012-01-20 22:20:39 ----A---- C:\Windows\SysWOW64\WindowsCodecsExt.dll
2012-01-20 22:20:39 ----A---- C:\Windows\SysWOW64\WindowsCodecs.dll
2012-01-20 22:20:38 ----A---- C:\Windows\SysWOW64\dxdiagn.dll
2012-01-20 22:20:37 ----A---- C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2012-01-20 22:20:37 ----A---- C:\Windows\SysWOW64\dxdiag.exe
2012-01-20 22:20:36 ----A---- C:\Windows\SysWOW64\d3d11.dll
2012-01-20 22:18:39 ----A---- C:\Windows\SysWOW64\WPDShextAutoplay.exe
2012-01-20 22:17:58 ----A---- C:\Windows\SysWOW64\wpdshext.dll
2012-01-20 22:17:56 ----A---- C:\Windows\SysWOW64\WPDShServiceObj.dll
2012-01-20 22:17:56 ----A---- C:\Windows\SysWOW64\PortableDeviceConnectApi.dll
2012-01-20 22:17:55 ----A---- C:\Windows\SysWOW64\PortableDeviceTypes.dll
2012-01-20 22:17:55 ----A---- C:\Windows\SysWOW64\PortableDeviceClassExtension.dll
2012-01-20 22:17:54 ----A---- C:\Windows\SysWOW64\PortableDeviceApi.dll
2012-01-20 22:17:51 ----A---- C:\Windows\SysWOW64\PortableDeviceWMDRM.dll
2012-01-20 22:17:47 ----A---- C:\Windows\SysWOW64\WPDSp.dll
2012-01-20 13:53:26 ----A---- C:\Windows\SysWOW64\xmllite.dll
2012-01-20 13:53:12 ----A---- C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-01-20 13:53:08 ----A---- C:\Windows\SysWOW64\DWrite.dll
2012-01-20 13:51:05 ----A---- C:\Windows\SysWOW64\quartz.dll
2012-01-20 13:51:04 ----A---- C:\Windows\SysWOW64\qdvd.dll
2012-01-20 13:50:59 ----A---- C:\Windows\SysWOW64\msshsq.dll
2012-01-20 13:50:47 ----A---- C:\Windows\SysWOW64\tzres.dll
2012-01-20 13:49:38 ----A---- C:\Windows\SysWOW64\ntdll.dll
2012-01-20 13:49:16 ----A---- C:\Windows\SysWOW64\d2d1.dll
2012-01-20 13:49:13 ----A---- C:\Windows\SysWOW64\MFH264Dec.dll
2012-01-20 13:49:12 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2012-01-20 13:49:11 ----A---- C:\Windows\SysWOW64\d3d10level9.dll
2012-01-20 13:49:09 ----A---- C:\Windows\SysWOW64\dxgi.dll
2012-01-20 13:49:06 ----A---- C:\Windows\SysWOW64\d3d10_1.dll
2012-01-20 13:49:05 ----A---- C:\Windows\SysWOW64\d3d10_1core.dll
2012-01-20 13:49:05 ----A---- C:\Windows\SysWOW64\d3d10.dll
2012-01-20 13:49:04 ----A---- C:\Windows\SysWOW64\XpsRasterService.dll
2012-01-20 13:49:04 ----A---- C:\Windows\SysWOW64\d3d10core.dll
2012-01-20 13:49:03 ----A---- C:\Windows\SysWOW64\xpsservices.dll
2012-01-20 13:49:03 ----A---- C:\Windows\SysWOW64\OpcServices.dll
2012-01-20 13:49:02 ----A---- C:\Windows\SysWOW64\MFHEAACdec.dll
2012-01-20 13:49:01 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll
2012-01-20 13:49:01 ----A---- C:\Windows\SysWOW64\mfmp4src.dll
2012-01-20 13:48:58 ----A---- C:\Windows\SysWOW64\mf.dll
2012-01-20 13:48:57 ----A---- C:\Windows\SysWOW64\shdocvw.dll
2012-01-20 13:48:55 ----A---- C:\Windows\SysWOW64\mfplat.dll
2012-01-20 13:48:54 ----A---- C:\Windows\SysWOW64\stobject.dll
2012-01-20 13:48:28 ----A---- C:\Windows\SysWOW64\mfps.dll
2012-01-20 13:46:52 ----A---- C:\Windows\SysWOW64\UIAutomationCore.dll
2012-01-20 13:46:51 ----A---- C:\Windows\SysWOW64\oleaccrc.dll
2012-01-20 13:46:51 ----A---- C:\Windows\SysWOW64\oleacc.dll
2012-01-20 13:46:50 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2012-01-20 13:45:52 ----A---- C:\Windows\SysWOW64\winmm.dll
2012-01-20 13:45:52 ----A---- C:\Windows\SysWOW64\mciseq.dll
2012-01-20 13:42:37 ----A---- C:\Windows\SysWOW64\EncDec.dll
2012-01-20 13:37:16 ----A---- C:\Windows\SysWOW64\packager.dll
2012-01-20 13:28:03 ----A---- C:\Windows\SysWOW64\UIAnimation.dll
2012-01-20 13:27:50 ----A---- C:\Windows\SysWOW64\UIRibbonRes.dll
2012-01-20 13:27:47 ----A---- C:\Windows\SysWOW64\UIRibbon.dll
2012-01-20 13:26:32 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-01-20 13:26:29 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-01-20 13:26:28 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-01-20 13:26:28 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-01-20 13:26:27 ----A---- C:\Windows\SysWOW64\mstime.dll
2012-01-20 13:26:25 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-01-20 13:26:24 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2012-01-20 13:26:24 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-01-20 13:26:24 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-01-20 13:26:23 ----A---- C:\Windows\SysWOW64\url.dll
2012-01-20 13:26:23 ----A---- C:\Windows\SysWOW64\iepeers.dll
2012-01-20 13:26:21 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-01-20 13:26:18 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2012-01-20 13:26:07 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2012-01-15 05:37:53 ----D---- C:\Windows\SysWOW64\vi-VN
2012-01-15 05:37:53 ----D---- C:\Windows\SysWOW64\eu-ES
2012-01-15 05:37:53 ----D---- C:\Windows\SysWOW64\ca-ES
2012-01-13 17:40:56 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll
2012-01-13 17:40:55 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll
2012-01-13 17:40:54 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-01-13 17:40:50 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll
2012-01-13 17:40:49 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll
2012-01-13 17:40:47 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll
2012-01-13 17:40:46 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
2012-01-13 17:40:32 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2012-01-13 17:40:32 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2012-01-13 17:40:14 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2012-01-13 17:40:13 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2012-01-13 17:40:13 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2012-01-13 17:40:11 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2012-01-13 17:40:10 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-01-13 17:39:58 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2012-01-13 17:39:58 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-01-13 17:39:57 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2012-01-13 17:39:19 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2012-01-13 17:39:19 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-01-13 17:39:19 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2012-01-13 17:39:18 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-01-13 17:39:17 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2012-01-13 17:39:17 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-01-13 17:39:17 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2012-01-13 17:30:17 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2012-01-13 17:30:17 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-01-13 17:30:16 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2012-01-13 17:30:15 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2012-01-13 17:30:15 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-01-13 17:30:13 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2012-01-13 17:30:07 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-01-13 17:29:49 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2012-01-13 17:29:49 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-01-13 17:29:48 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2012-01-13 17:29:47 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2012-01-13 17:29:46 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2012-01-13 17:29:45 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-01-13 17:29:41 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2012-01-13 17:29:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-01-13 17:29:39 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2012-01-13 17:29:34 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2012-01-13 17:28:59 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2012-01-13 17:28:59 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-01-13 17:28:57 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2012-01-13 17:28:56 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2012-01-13 17:28:51 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2012-01-13 17:28:51 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-01-13 17:28:45 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2012-01-13 17:28:39 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2012-01-13 17:28:38 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2012-01-13 17:28:34 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2012-01-13 17:28:34 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2012-01-13 17:28:32 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2012-01-13 17:28:30 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2012-01-13 17:28:28 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2012-01-13 17:27:52 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2012-01-13 17:27:52 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2012-01-13 17:27:33 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2012-01-13 17:27:27 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2012-01-13 17:27:22 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2012-01-13 17:27:18 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2012-01-13 17:08:08 ----D---- C:\ProgramData\Windows Genuine Advantage
2012-01-13 00:18:18 ----D---- C:\Windows\Minidump
2012-01-13 00:06:54 ----D---- C:\ProgramData\Sun
2012-01-13 00:06:53 ----D---- C:\Program Files (x86)\Common Files\Java
2012-01-13 00:06:18 ----A---- C:\Windows\SysWOW64\javaws.exe
2012-01-13 00:06:18 ----A---- C:\Windows\SysWOW64\javaw.exe
2012-01-13 00:06:18 ----A---- C:\Windows\SysWOW64\java.exe
2012-01-13 00:06:18 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2012-01-13 00:05:20 ----D---- C:\Program Files (x86)\Java

======List of files/folders modified in the last 1 month======

2012-02-09 11:06:38 ----D---- C:\Windows\Temp
2012-02-09 11:06:31 ----RD---- C:\Program Files (x86)
2012-02-09 11:03:26 ----D---- C:\Users\Bagroup\AppData\Roaming\Skype
2012-02-09 09:27:38 ----D---- C:\Windows\System32
2012-02-09 09:27:38 ----D---- C:\Windows\inf
2012-02-09 08:43:20 ----D---- C:\Windows
2012-02-09 04:43:32 ----SHD---- C:\System Volume Information
2012-02-09 04:35:56 ----SHD---- C:\Windows\Installer
2012-02-09 04:24:45 ----D---- C:\iult
2012-02-09 04:22:18 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-02-09 04:21:12 ----D---- C:\Program Files (x86)\Common Files
2012-02-08 19:33:27 ----D---- C:\Windows\SysWOW64
2012-02-08 19:33:22 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2012-02-08 14:29:01 ----D---- C:\ProgramData\Spyware Terminator
2012-02-07 00:23:26 ----D---- C:\Windows\Prefetch
2012-02-06 12:07:15 ----HD---- C:\ProgramData
2012-02-06 12:04:34 ----RSD---- C:\Windows\assembly
2012-02-06 12:03:44 ----D---- C:\Windows\winsxs
2012-02-05 23:47:19 ----D---- C:\Windows\LiveKernelReports
2012-02-05 00:22:31 ----D---- C:\Windows\Tasks
2012-02-05 00:22:30 ----D---- C:\Windows\registration
2012-02-04 15:40:03 ----RD---- C:\Program Files
2012-02-03 11:13:06 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-02-02 17:53:13 ----A---- C:\Windows\SysWOW64\PnkBstrA.exe
2012-02-02 16:45:39 ----RD---- C:\Program Files (x86)\Skype
2012-01-28 12:03:22 ----D---- C:\Program Files (x86)\Complitly
2012-01-28 12:03:21 ----D---- C:\Users\Bagroup\AppData\Roaming\Complitly
2012-01-28 12:03:17 ----D---- C:\Program Files (x86)\Free YouTube Downloader
2012-01-22 12:58:13 ----D---- C:\Windows\Microsoft.NET
2012-01-21 03:40:13 ----D---- C:\Windows\rescache
2012-01-21 03:08:22 ----D---- C:\Windows\SysWOW64\wbem
2012-01-21 03:08:22 ----D---- C:\Windows\SysWOW64\cs-CZ
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\zh-TW
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\uk-UA
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\tr-TR
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\th-TH
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\sv-SE
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\sr-Latn-CS
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\sl-SI
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\sk-SK
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\ro-RO
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\pt-PT
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\pt-BR
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\pl-PL
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\nl-NL
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\nb-NO
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\lv-LV
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\lt-LT
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\ko-KR
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\ja-JP
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\it-IT
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\hu-HU
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\hr-HR
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\he-IL
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\fr-FR
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\fi-FI
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\en-US
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\el-GR
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\de-DE
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\da-DK
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\bg-BG
2012-01-21 03:08:18 ----D---- C:\Windows\SysWOW64\ar-SA
2012-01-21 03:08:17 ----D---- C:\Windows\SysWOW64\zh-HK
2012-01-21 03:08:17 ----D---- C:\Windows\SysWOW64\zh-CN
2012-01-21 03:08:17 ----D---- C:\Windows\SysWOW64\ru-RU
2012-01-21 03:08:17 ----D---- C:\Windows\SysWOW64\et-EE
2012-01-21 03:08:17 ----D---- C:\Windows\SysWOW64\es-ES
2012-01-21 03:08:12 ----D---- C:\Program Files (x86)\Windows Mail
2012-01-21 03:08:11 ----D---- C:\Windows\ehome
2012-01-21 03:07:59 ----RSD---- C:\Windows\Fonts
2012-01-21 03:07:45 ----D---- C:\Program Files (x86)\Common Files\System
2012-01-21 03:07:34 ----D---- C:\Windows\SysWOW64\migration
2012-01-21 03:07:34 ----D---- C:\Program Files (x86)\Internet Explorer
2012-01-20 22:08:40 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-15 11:54:58 ----SD---- C:\Users\Bagroup\AppData\Roaming\Microsoft
2012-01-15 10:26:22 ----SHD---- C:\Boot
2012-01-15 05:38:35 ----D---- C:\Windows\servicing
2012-01-15 05:38:35 ----D---- C:\Program Files (x86)\Windows Sidebar
2012-01-15 05:38:35 ----D---- C:\Program Files (x86)\Windows Photo Gallery
2012-01-15 05:38:35 ----D---- C:\Program Files (x86)\Windows Media Player
2012-01-15 05:38:35 ----D---- C:\Program Files (x86)\Windows Calendar
2012-01-15 05:38:25 ----D---- C:\Windows\SysWOW64\XPSViewer
2012-01-15 05:38:25 ----D---- C:\Windows\SysWOW64\setup
2012-01-15 05:38:25 ----D---- C:\Windows\SysWOW64\oobe
2012-01-15 05:38:25 ----D---- C:\Windows\SysWOW64\cs
2012-01-15 05:38:25 ----D---- C:\Windows\SysWOW64\AdvancedInstallers
2012-01-15 05:38:24 ----D---- C:\Windows\SysWOW64\SLUI
2012-01-15 05:38:24 ----D---- C:\Windows\SysWOW64\migwiz
2012-01-15 05:38:24 ----D---- C:\Windows\SysWOW64\manifeststore
2012-01-15 05:38:12 ----D---- C:\Windows\IME
2012-01-15 05:37:59 ----D---- C:\Windows\AppPatch
2012-01-15 05:36:30 ----D---- C:\Windows\SysWOW64\RTCOM
2012-01-15 04:58:32 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2012-01-15 04:24:01 ----D---- C:\Program Files (x86)\Crawler
2012-01-13 17:30:29 ----D---- C:\Windows\Logs
2012-01-13 17:07:47 ----SD---- C:\Windows\Downloaded Program Files
2012-01-12 15:37:48 ----D---- C:\Program Files (x86)\Spyware Terminator

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys []
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 AVER_H193;AVerMedia H193 Video Capture; C:\Windows\system32\drivers\AVer888RC_64.sys []
R3 CXCIR;AVerMedia Consumer Infrared Receiver; C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys []
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS []
S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\PROGRAM FILES (X86)\LOGMEIN\X64\RaInfo.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 X6va005;X6va005; \??\C:\Users\Bagroup\AppData\Local\Temp\00533DC.tmp []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\SysWOW64\drivers\LMIRfsClientNP.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]
R2 HPBtnSrv;HP Easy Backup Button Service; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-09-30 192512]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-02-02 76888]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2011-12-23 1148632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Pokud by se v normálním režimu sekl, zkuste to v nouzovém.

ComboFix 12-02-09.04 - Bagroup 09.02.2012 17:58:42.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.2598 [GMT 1:00]
Spuštěný z: c:\users\Bagroup\Desktop\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\QuickStores.ico
c:\users\Bagroup\APB_Reloaded_Installer.exe
c:\users\Bagroup\AppData\Local\TempDIR
c:\users\Bagroup\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-09 do 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 17:06 . 2012-02-09 17:22 -------- d-----w- c:\users\Bagroup\AppData\Local\temp
2012-02-09 17:06 . 2012-02-09 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-09 14:12 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-09 14:12 . 2012-02-09 14:12 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-02-09 14:11 . 2012-02-09 17:22 -------- d-----w- c:\users\Bagroup\AppData\Local\LogMeIn Hamachi
2012-02-09 14:10 . 2012-02-09 15:26 -------- d-----w- c:\users\Bagroup\AppData\Roaming\.minecraft
2012-02-09 14:03 . 2012-02-09 14:03 3819520 ----a-w- c:\users\Bagroup\hamachi.msi
2012-02-09 12:25 . 2012-02-09 16:52 -------- d-----w- c:\program files (x86)\Counter-Strike 1.6 Standalone
2012-02-09 10:06 . 2012-02-09 10:06 -------- d-----w- C:\rsit
2012-02-09 10:06 . 2012-02-09 10:06 -------- d-----w- c:\program files (x86)\trend micro
2012-02-09 08:30 . 2012-02-09 10:04 -------- d-----w- c:\users\Bagroup\AppData\Roaming\BSplayer
2012-02-09 08:30 . 2012-02-09 08:30 -------- d-----w- c:\users\Bagroup\AppData\Roaming\BSplayer Pro
2012-02-09 08:30 . 2012-02-09 08:30 -------- d-----w- c:\program files (x86)\Webteh
2012-02-08 06:00 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{318CA3F9-3C7C-4138-8D30-1F293E3BC74E}\mpengine.dll
2012-02-06 11:05 . 2012-02-06 11:05 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-06 11:01 . 2012-02-06 11:01 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-05 12:24 . 2012-02-05 12:27 -------- d-----w- c:\users\Bagroup\AppData\Roaming\TeamViewer
2012-02-04 15:35 . 2012-02-04 15:35 -------- d-sh--w- c:\windows\ftpcache
2012-02-03 06:22 . 2012-02-03 06:22 -------- d-----w- c:\users\Bagroup\AppData\Local\SKIDROW
2012-01-27 18:44 . 2012-02-08 16:31 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-01-27 17:43 . 2012-01-27 17:43 -------- d-----w- c:\users\Bagroup\AppData\Local\LogMeIn
2012-01-27 17:42 . 2011-12-07 17:22 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-01-27 17:42 . 2011-12-07 17:22 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-27 17:42 . 2011-12-07 17:22 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-01-27 17:42 . 2011-09-16 13:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-01-27 17:42 . 2011-12-07 17:22 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-27 17:39 . 2012-01-27 17:46 -------- d-----w- c:\users\Bagroup\AppData\Local\Deployment
2012-01-27 17:39 . 2012-01-27 17:39 -------- d-----w- c:\users\Bagroup\AppData\Local\Apps
2012-01-27 14:57 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-27 14:57 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-27 14:57 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-27 14:57 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-27 14:57 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-27 14:57 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-27 14:57 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-27 14:57 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-27 14:57 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-21 14:22 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-21 14:22 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-01-21 02:27 . 2012-01-21 02:37 -------- d-----w- c:\users\Bagroup\CrossFire_1082
2012-01-21 02:08 . 2012-01-21 02:08 -------- d-----w- c:\windows\SysWow64\spool
2012-01-21 02:08 . 2012-01-21 02:08 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-21 02:08 . 2012-01-21 02:08 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-01-20 21:21 . 2009-09-25 01:35 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-20 21:21 . 2009-09-25 01:33 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2012-01-20 21:18 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
2012-01-20 21:18 . 2009-10-01 00:52 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2012-01-20 21:18 . 2009-10-01 00:51 37888 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-01-20 21:18 . 2009-10-01 00:51 107008 ----a-w- c:\windows\system32\wpdbusenum.dll
2012-01-20 21:18 . 2009-10-01 00:54 2560 ----a-w- c:\windows\system32\drivers\UMDF\cs-CZ\wpdmtpdr.dll.mui
2012-01-20 21:18 . 2009-10-01 00:51 77824 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2012-01-20 12:53 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-20 12:53 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-01-20 12:53 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-01-20 12:53 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2012-01-20 12:53 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-01-20 12:53 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-01-20 12:51 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-20 12:51 . 2011-10-25 16:13 1570816 ----a-w- c:\windows\system32\quartz.dll
2012-01-20 12:51 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-20 12:51 . 2011-10-25 15:58 497152 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-20 12:51 . 2011-10-25 16:13 352256 ----a-w- c:\windows\system32\qdvd.dll
2012-01-20 12:51 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
2012-01-20 12:50 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
2012-01-20 12:50 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-20 12:50 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-01-20 12:50 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-20 12:50 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-20 12:48 . 2011-01-20 16:16 3548672 ----a-w- c:\windows\system32\mf.dll
2012-01-20 12:48 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2012-01-20 12:48 . 2011-01-20 16:14 278528 ----a-w- c:\windows\system32\mfplat.dll
2012-01-20 12:48 . 2011-01-20 16:16 748544 ----a-w- c:\windows\system32\stobject.dll
2012-01-20 12:48 . 2011-01-20 16:04 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2012-01-20 12:48 . 2011-01-20 16:07 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2012-01-20 12:48 . 2011-01-20 16:16 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-01-20 12:48 . 2011-01-20 16:14 195072 ----a-w- c:\windows\system32\mfps.dll
2012-01-20 12:48 . 2011-01-20 14:40 34304 ----a-w- c:\windows\system32\mfpmp.exe
2012-01-20 12:48 . 2011-01-20 16:07 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2012-01-20 12:48 . 2011-01-20 16:04 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2012-01-20 12:46 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2012-01-20 12:46 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-01-20 12:46 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-01-20 12:46 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2012-01-20 12:46 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-01-20 12:46 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2012-01-20 12:46 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-20 12:46 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-01-20 12:45 . 2011-10-14 17:31 211968 ----a-w- c:\windows\system32\winmm.dll
2012-01-20 12:45 . 2011-10-14 17:27 28672 ----a-w- c:\windows\system32\mciwave.dll
2012-01-20 12:45 . 2011-10-14 17:27 28160 ----a-w- c:\windows\system32\mciseq.dll
2012-01-20 12:45 . 2011-10-14 17:27 48128 ----a-w- c:\windows\system32\mcicda.dll
2012-01-20 12:45 . 2011-10-14 16:03 189952 ----a-w- c:\windows\SysWow64\winmm.dll
2012-01-20 12:45 . 2011-10-14 16:00 23552 ----a-w- c:\windows\SysWow64\mciseq.dll
2012-01-20 12:42 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2012-01-20 12:42 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-20 12:40 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2012-01-20 12:40 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-01-20 12:39 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-20 12:39 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-20 12:39 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2012-01-20 12:39 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-01-20 12:37 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-20 12:37 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-20 12:28 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-20 12:28 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-01-20 12:27 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-20 12:27 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-01-20 12:27 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-20 12:27 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\system32\eu-ES
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\system32\ca-ES
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\system32\vi-VN
2012-01-15 03:43 . 2012-01-15 03:43 -------- d-----w- c:\windows\system32\EventProviders
2012-01-13 16:39 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-01-13 16:30 . 2008-07-10 10:01 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-01-13 16:30 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-01-13 16:30 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-13 16:30 . 2008-07-10 10:00 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-01-13 16:30 . 2008-05-30 13:19 511496 ----a-w- c:\windows\system32\XAudio2_1.dll
2012-01-13 16:30 . 2008-05-30 13:19 507400 ----a-w- c:\windows\SysWow64\XAudio2_1.dll
2012-01-13 16:30 . 2008-05-30 13:17 65032 ----a-w- c:\windows\SysWow64\XAPOFX1_0.dll
2012-01-13 16:30 . 2008-05-30 13:17 68104 ----a-w- c:\windows\system32\XAPOFX1_0.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 12:43 . 2011-12-30 17:53 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-09 12:43 . 2011-12-30 17:46 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-09 12:42 . 2011-12-30 17:46 281200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-02 16:53 . 2011-12-30 17:46 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-26 23:52 . 2011-12-24 00:41 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-27 18:06 . 2011-12-27 18:06 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2011-12-24 11:30 . 2011-12-24 11:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-12-23 22:29 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-23 22:29 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-12-23 22:30 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-23 22:30 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-23 22:30 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-12-23 22:30 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-23 22:30 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-23 22:30 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-12-23 22:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-16 16:42 . 2012-01-27 14:57 347136 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:23 . 2012-01-27 14:57 278528 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\WINDOWS SIDEBAR\SIDEBAR.EXE" [2009-04-11 1555968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-11-09 17049736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2008-10-13 281600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-01-27 61440]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-09 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-09 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2008-10-13 281600]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-12-23 2779824]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-12-23 3621040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/howfytdl/{6A774907-5 ... 606E952FE3}
mLocal Page = %SystemRoot%\system32\blank.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Bagroup\AppData\Roaming\Mozilla\Firefox\Profiles\r362qk46.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BitTorrentBar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LOGMEIN\X64\LogMeInSystray.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Bagroup\AppData\Local\Temp\00533DC.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-02-09 18:26:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-09 17:26
.
Před spuštěním: Volných bajtů: 659 151 253 504
Po spuštění: Volných bajtů: 660 133 224 448
.
- - End Of File - - 1297EE5156E0158F075EDE45E3857ACC

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Firefox::
FF - ProfilePath - c:\users\Bagroup\AppData\Roaming\Mozilla\Firefox\Profiles\r362qk46.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BitTorrentBar Customized Web Search

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

ComboFix 12-02-09.04 - Bagroup 10.02.2012 5:17.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.2284 [GMT 1:00]
Spuštěný z: c:\users\Bagroup\Desktop\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Bagroup\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-10 do 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 04:24 . 2012-02-10 04:25 -------- d-----w- c:\users\Bagroup\AppData\Local\temp
2012-02-10 04:24 . 2012-02-10 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-09 21:20 . 2012-02-09 21:20 -------- d-----w- c:\users\Bagroup\Cake Defence by disco
2012-02-09 14:12 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-09 14:12 . 2012-02-09 14:12 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-02-09 14:11 . 2012-02-10 04:25 -------- d-----w- c:\users\Bagroup\AppData\Local\LogMeIn Hamachi
2012-02-09 14:10 . 2012-02-09 21:51 -------- d-----w- c:\users\Bagroup\AppData\Roaming\.minecraft
2012-02-09 14:03 . 2012-02-09 14:03 3819520 ----a-w- c:\users\Bagroup\hamachi.msi
2012-02-09 12:25 . 2012-02-09 16:52 -------- d-----w- c:\program files (x86)\Counter-Strike 1.6 Standalone
2012-02-09 10:06 . 2012-02-09 10:06 -------- d-----w- C:\rsit
2012-02-09 10:06 . 2012-02-09 10:06 -------- d-----w- c:\program files (x86)\trend micro
2012-02-09 08:30 . 2012-02-09 10:04 -------- d-----w- c:\users\Bagroup\AppData\Roaming\BSplayer
2012-02-09 08:30 . 2012-02-09 08:30 -------- d-----w- c:\users\Bagroup\AppData\Roaming\BSplayer Pro
2012-02-09 08:30 . 2012-02-09 08:30 -------- d-----w- c:\program files (x86)\Webteh
2012-02-08 06:00 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{318CA3F9-3C7C-4138-8D30-1F293E3BC74E}\mpengine.dll
2012-02-06 11:05 . 2012-02-06 11:05 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-06 11:01 . 2012-02-06 11:01 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-05 12:24 . 2012-02-05 12:27 -------- d-----w- c:\users\Bagroup\AppData\Roaming\TeamViewer
2012-02-04 15:35 . 2012-02-04 15:35 -------- d-sh--w- c:\windows\ftpcache
2012-02-03 06:22 . 2012-02-03 06:22 -------- d-----w- c:\users\Bagroup\AppData\Local\SKIDROW
2012-01-27 18:44 . 2012-02-08 16:31 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-01-27 17:43 . 2012-01-27 17:43 -------- d-----w- c:\users\Bagroup\AppData\Local\LogMeIn
2012-01-27 17:42 . 2011-12-07 17:22 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-01-27 17:42 . 2011-12-07 17:22 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-27 17:42 . 2011-12-07 17:22 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-01-27 17:42 . 2011-09-16 13:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-01-27 17:42 . 2011-12-07 17:22 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-27 17:39 . 2012-01-27 17:46 -------- d-----w- c:\users\Bagroup\AppData\Local\Deployment
2012-01-27 17:39 . 2012-01-27 17:39 -------- d-----w- c:\users\Bagroup\AppData\Local\Apps
2012-01-27 14:57 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-27 14:57 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-27 14:57 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-27 14:57 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-27 14:57 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-27 14:57 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-27 14:57 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-27 14:57 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-27 14:57 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-21 14:22 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-21 14:22 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-01-21 02:27 . 2012-01-21 02:37 -------- d-----w- c:\users\Bagroup\CrossFire_1082
2012-01-21 02:08 . 2012-01-21 02:08 -------- d-----w- c:\windows\SysWow64\spool
2012-01-21 02:08 . 2012-01-21 02:08 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-21 02:08 . 2012-01-21 02:08 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-01-20 21:21 . 2009-09-25 01:35 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-20 21:21 . 2009-09-25 01:33 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2012-01-20 21:18 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
2012-01-20 21:18 . 2009-10-01 00:52 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2012-01-20 21:18 . 2009-10-01 00:51 37888 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-01-20 21:18 . 2009-10-01 00:51 107008 ----a-w- c:\windows\system32\wpdbusenum.dll
2012-01-20 21:18 . 2009-10-01 00:54 2560 ----a-w- c:\windows\system32\drivers\UMDF\cs-CZ\wpdmtpdr.dll.mui
2012-01-20 21:18 . 2009-10-01 00:51 77824 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2012-01-20 12:53 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-20 12:53 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-01-20 12:53 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-01-20 12:53 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2012-01-20 12:53 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-01-20 12:53 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-01-20 12:51 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-20 12:51 . 2011-10-25 16:13 1570816 ----a-w- c:\windows\system32\quartz.dll
2012-01-20 12:51 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-20 12:51 . 2011-10-25 15:58 497152 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-20 12:51 . 2011-10-25 16:13 352256 ----a-w- c:\windows\system32\qdvd.dll
2012-01-20 12:51 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
2012-01-20 12:50 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
2012-01-20 12:50 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-20 12:50 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-01-20 12:50 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-20 12:50 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-20 12:48 . 2011-01-20 16:16 3548672 ----a-w- c:\windows\system32\mf.dll
2012-01-20 12:48 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2012-01-20 12:48 . 2011-01-20 16:14 278528 ----a-w- c:\windows\system32\mfplat.dll
2012-01-20 12:48 . 2011-01-20 16:16 748544 ----a-w- c:\windows\system32\stobject.dll
2012-01-20 12:48 . 2011-01-20 16:04 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2012-01-20 12:48 . 2011-01-20 16:07 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2012-01-20 12:48 . 2011-01-20 16:16 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-01-20 12:48 . 2011-01-20 16:14 195072 ----a-w- c:\windows\system32\mfps.dll
2012-01-20 12:48 . 2011-01-20 14:40 34304 ----a-w- c:\windows\system32\mfpmp.exe
2012-01-20 12:48 . 2011-01-20 16:07 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2012-01-20 12:48 . 2011-01-20 16:04 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2012-01-20 12:46 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2012-01-20 12:46 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-01-20 12:46 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-01-20 12:46 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2012-01-20 12:46 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-01-20 12:46 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2012-01-20 12:46 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-20 12:46 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-01-20 12:45 . 2011-10-14 17:31 211968 ----a-w- c:\windows\system32\winmm.dll
2012-01-20 12:45 . 2011-10-14 17:27 28672 ----a-w- c:\windows\system32\mciwave.dll
2012-01-20 12:45 . 2011-10-14 17:27 28160 ----a-w- c:\windows\system32\mciseq.dll
2012-01-20 12:45 . 2011-10-14 17:27 48128 ----a-w- c:\windows\system32\mcicda.dll
2012-01-20 12:45 . 2011-10-14 16:03 189952 ----a-w- c:\windows\SysWow64\winmm.dll
2012-01-20 12:45 . 2011-10-14 16:00 23552 ----a-w- c:\windows\SysWow64\mciseq.dll
2012-01-20 12:42 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2012-01-20 12:42 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-20 12:40 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2012-01-20 12:40 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-01-20 12:39 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-20 12:39 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-20 12:39 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2012-01-20 12:39 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-01-20 12:37 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-20 12:37 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-20 12:28 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-20 12:28 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-01-20 12:27 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-20 12:27 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-01-20 12:27 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-20 12:27 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\system32\eu-ES
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\system32\ca-ES
2012-01-15 04:37 . 2012-01-15 04:38 -------- d-----w- c:\windows\system32\vi-VN
2012-01-15 03:43 . 2012-01-15 03:43 -------- d-----w- c:\windows\system32\EventProviders
2012-01-13 16:39 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-01-13 16:30 . 2008-07-10 10:01 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-01-13 16:30 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-01-13 16:30 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-13 16:30 . 2008-07-10 10:00 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-01-13 16:30 . 2008-05-30 13:19 511496 ----a-w- c:\windows\system32\XAudio2_1.dll
2012-01-13 16:30 . 2008-05-30 13:19 507400 ----a-w- c:\windows\SysWow64\XAudio2_1.dll
2012-01-13 16:30 . 2008-05-30 13:17 65032 ----a-w- c:\windows\SysWow64\XAPOFX1_0.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 12:43 . 2011-12-30 17:53 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-09 12:43 . 2011-12-30 17:46 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-09 12:42 . 2011-12-30 17:46 281200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-02 16:53 . 2011-12-30 17:46 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-26 23:52 . 2011-12-24 00:41 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-27 18:06 . 2011-12-27 18:06 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2011-12-24 11:30 . 2011-12-24 11:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-12-23 22:29 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-23 22:29 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-12-23 22:30 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-23 22:30 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-23 22:30 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-12-23 22:30 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-23 22:30 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-23 22:30 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-12-23 22:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-16 16:42 . 2012-01-27 14:57 347136 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:23 . 2012-01-27 14:57 278528 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-09_17.22.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2012-02-10 04:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-02-09 17:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-02-09 17:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-02-10 04:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-02-10 04:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-02-09 17:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-02-10 04:09 42376 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-02-10 04:09 68888 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-23 22:19 . 2012-02-10 04:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-23 22:19 . 2012-02-09 15:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-23 22:19 . 2012-02-10 04:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-23 22:19 . 2012-02-09 15:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-23 22:19 . 2012-02-10 04:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-23 22:19 . 2012-02-09 15:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-24 11:08 . 2012-02-09 15:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-24 11:08 . 2012-02-10 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-24 11:08 . 2012-02-10 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-24 11:08 . 2012-02-09 15:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-23 22:22 . 2012-02-10 04:09 7966 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3720766836-3645326905-3114046903-1000_UserData.bin
+ 2012-02-10 04:24 . 2012-02-10 04:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-09 17:07 . 2012-02-09 17:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-09 17:07 . 2012-02-09 17:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-10 04:24 . 2012-02-10 04:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2012-02-09 17:14 662202 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-02-10 04:13 662202 c:\windows\system32\perfh009.dat
+ 2009-08-04 02:15 . 2012-02-10 04:13 671474 c:\windows\system32\perfh005.dat
- 2009-08-04 02:15 . 2012-02-09 17:14 671474 c:\windows\system32\perfh005.dat
+ 2006-11-02 12:46 . 2012-02-10 04:13 131088 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-02-09 17:14 131088 c:\windows\system32\perfc009.dat
- 2009-08-04 02:15 . 2012-02-09 17:14 151592 c:\windows\system32\perfc005.dat
+ 2009-08-04 02:15 . 2012-02-10 04:13 151592 c:\windows\system32\perfc005.dat
+ 2009-08-03 18:35 . 2012-02-10 04:24 794664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-21 03:16 . 2012-02-10 04:24 276508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-21 03:16 . 2012-02-09 17:06 276508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-21 16:04 . 2012-02-10 04:24 745092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3720766836-3645326905-3114046903-1000-8192.dat
- 2012-01-21 16:04 . 2012-02-09 17:06 745092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3720766836-3645326905-3114046903-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\WINDOWS SIDEBAR\SIDEBAR.EXE" [2009-04-11 1555968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-11-09 17049736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2008-10-13 281600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-01-27 61440]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-09 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-09 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2008-10-13 281600]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-12-23 2779824]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-12-23 3621040]
"LogMeIn GUI"="c:\program files (x86)\LOGMEIN\X64\LogMeInSystray.exe" [BU]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/howfytdl/{6A774907-5 ... 606E952FE3}
mLocal Page = %SystemRoot%\system32\blank.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Bagroup\AppData\Roaming\Mozilla\Firefox\Profiles\r362qk46.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Bagroup\AppData\Local\Temp\00533DC.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-02-10 05:30:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-10 04:30
ComboFix2.txt 2012-02-09 17:26
.
Před spuštěním: Volných bajtů: 659 566 919 680
Po spuštění: Volných bajtů: 659 493 662 720
.
- - End Of File - - 915990D1347129452E03A12DD0F0B2E4

Smazáno. Nastala nějaká změna?

Ano vše vypadá OK, PC mám puštěný celý den a nesekl se, mockrát děkuji

Nemáte zač!