Vysoké zatížení paměti RAM

[martin12345]

Zdravím, mám podezření že mám v počítači něco škodlivého. Zatížení paměti je v klidu asi 70 procent což je dost i když mám jen 2gb. Mohli byste mě s tím poradit popřípadě jaký log sem mám vlozit?

Moje sestava:
AMD athlon ii x4 640
ATI Radeon HD 5770 1GB
2GB ram ddr2 800 mhz
Windows 7 Ultimate 64 bit

[vyosek]

Zdravim

Prectete si prosim Pravidla fora a dulzeite informace

Ty W7 Ultimate 64 bit jste si zakoupil? Neni to zbytecne kdyz bezny uzivatel stejne vyhody nejvyssi licence Ultimate nevyuzije a navic 64bit verze je pro 2GB RAM zcela zbytecna? Nebo licence nebyla koupena ale jen nekde ziskana z webu?

Log ktery mate dodat, je tez popsan v pravidlech a pozadavicich a tez i na vicero mistech - je to log z RSIT

[martin12345]

Ano budu si dokupovat 2 gb a windows mám legální

[vyosek]

Tak mi sem dejte ten log z RSIT, z kristalove koule se spatne vesti, navic pri zatazenem pocasi jake ted v Brne panuje, neni nic videt

[martin12345]

tady je ten RSIT log:


Logfile of random's system information tool 1.09 (written by random/random)
Run by game at 2012-04-06 10:06:04
Microsoft Windows 7 Ultimate
System drive C: has 57 GB (25%) free of 225 GB
Total RAM: 2047 MB (28% free)


======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe"
taskeng.exe {1C197777-ACEF-4FF3-A746-0A4BEFEA1829}
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"
"C:\Program Files (x86)\IObit\Game Booster\gbtray.exe"
"C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe" /STARTUP
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\Tunngle\TnglCtrl.exe"
"C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
"C:\Users\game\AppData\Local\Akamai\netsession_win.exe"
"C:\Users\game\AppData\Local\Temp\sycomctl32.exe"
"C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe" /hidden
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\winmech\ntservice\srunner.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
WLIDSvcM.exe 2872
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HydraDM64.exe -h:328574 "Maximalizovat na celou plochu" "Maximalizovat k rohům okna" "Obnovit pracovní plochu"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:/Users/game/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe" 9afadec1bb05578165ce6a7f940295e8
"C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe"
"C:\Users\game\AppData\Local\Google\Chrome\Application\chrome.exe"
C:\Windows\system32\rundll32.exe "C:\Users\game\AppData\Local\Google\Chrome\APPLIC~1\18.0.1025.142\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\game\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\game\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll" --lang=cs --channel=1944.0702AE10.1498030917 --flash-broker=3240 /prefetch:4
"C:\Program Files\trend micro\game.exe" /silentautolog
"C:\Users\game\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel=1944.07014FA0.2023868638 /prefetch:12
C:\Windows\system32\svchost.exe -k defragsvc
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
"C:\Users\game\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheListSize/CacheListSize_14/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/HiddenExperimentA/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/last_accessed_socket/WebStoreLinkExperiment/Disabled/ --renderer-print-preview --channel=1944.0AD151C0.1811471733 /prefetch:3
"C:\Users\game\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files (x86)\IObit Toolbar\IE\5.2\iobitToolbarIE.dll [2012-03-16 1122144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video>

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll [2010-12-06 765744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} -
{855F3B16-6D32-4FE6-8A56-BBB695989046} -
{46897C77-E7A6-4c33-BFFB-E9C2E2718942} - Mp3Tube Toolbar - C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL [2011-04-29 1070592]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files (x86)\IObit Toolbar\IE\5.2\iobitToolbarIE.dll [2012-03-16 1122144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\game\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 136176]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]
"Windows® NetMeeting"=C:\Users\game\AppData\Roaming\NetMeeting\ca32.exe [2005-04-29 15487488]
"Advanced SystemCare 4"=C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe [2011-05-28 412560]
"Akamai NetSession Interface"=C:\Users\game\AppData\Local\Akamai\netsession_win.exe [2012-03-13 3331872]
"Display Driver"=C:\Users\game\AppData\Local\Temp\sycomctl32.exe [2011-12-23 22457]
"HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2010-08-25 393216]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-02-14 636032]
"SearchSettings"=C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [2012-03-16 974688]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AML Device Install.lnk - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
Kaspersky Security Scan.lnk - C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-04-06 09:38:31 ----D---- C:\ProgramData\TuneUp Software
2012-04-06 09:37:53 ----SHD---- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-06 09:28:55 ----D---- C:\Program Files (x86)\CCleaner
2012-04-06 09:11:42 ----D---- C:\Program Files\trend micro
2012-04-06 09:11:34 ----D---- C:\rsit
2012-04-04 17:17:42 ----D---- C:\Program Files (x86)\IObit Toolbar
2012-04-04 17:17:42 ----D---- C:\Program Files (x86)\Application Updater
2012-04-02 17:41:50 ----A---- C:\Windows\game.ini
2012-04-01 10:49:47 ----D---- C:\ProgramData\Tages
2012-04-01 09:35:37 ----D---- C:\Users\game\AppData\Roaming\InstallShield
2012-03-10 11:44:23 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-03-09 19:28:46 ----D---- C:\ProgramData\ATI
2012-03-09 19:23:41 ----D---- C:\Program Files (x86)\AMD AVT
2012-03-09 19:23:36 ----D---- C:\Program Files\AMD
2012-03-09 19:23:30 ----D---- C:\Program Files (x86)\AMD APP
2012-03-09 19:13:01 ----D---- C:\AMD
2012-03-07 19:06:33 ----D---- C:\ProgramData\Solidshield

======List of files/folders modified in the last 1 month======

2012-04-06 10:28:32 ----D---- C:\Windows\Temp
2012-04-06 10:06:12 ----D---- C:\Windows\Prefetch
2012-04-06 09:41:12 ----SHD---- C:\System Volume Information
2012-04-06 09:38:34 ----SHD---- C:\Windows\Installer
2012-04-06 09:38:33 ----SHD---- C:\Config.Msi
2012-04-06 09:38:31 ----HD---- C:\ProgramData
2012-04-06 09:37:56 ----D---- C:\Windows
2012-04-06 09:28:55 ----RD---- C:\Program Files (x86)
2012-04-06 09:18:25 ----D---- C:\Windows\system32\config
2012-04-06 09:11:42 ----RD---- C:\Program Files
2012-04-06 09:10:48 ----D---- C:\Windows\Minidump
2012-04-06 08:58:27 ----D---- C:\Windows\system32\Tasks
2012-04-06 08:43:16 ----D---- C:\Users\game\AppData\Roaming\BitComet
2012-04-06 08:43:09 ----D---- C:\Downloads
2012-04-06 08:41:34 ----D---- C:\Windows\system32\catroot
2012-04-06 08:41:32 ----D---- C:\Windows\system32\catroot2
2012-04-06 08:41:25 ----D---- C:\Windows\winsxs
2012-04-06 08:40:51 ----D---- C:\Windows\System32
2012-04-06 08:40:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-06 08:40:50 ----D---- C:\Windows\inf
2012-04-04 17:17:42 ----D---- C:\Program Files (x86)\Common Files
2012-04-03 20:04:43 ----RSD---- C:\Windows\assembly
2012-04-03 19:31:32 ----D---- C:\hry
2012-04-02 19:44:51 ----D---- C:\Windows\system32\drivers
2012-04-01 09:37:06 ----D---- C:\Users\game\AppData\Roaming\InstallShield Installation Information
2012-04-01 09:36:40 ----D---- C:\ProgramData\Media Center Programs
2012-03-30 20:18:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-03-17 20:36:07 ----D---- C:\Users\game\AppData\Roaming\Skype
2012-03-17 20:15:44 ----D---- C:\Program Files (x86)\TeamViewer
2012-03-09 19:23:42 ----D---- C:\ProgramData\AMD
2012-03-09 19:23:41 ----D---- C:\Windows\SysWOW64
2012-03-09 19:23:37 ----SD---- C:\Users\game\AppData\Roaming\Microsoft
2012-03-09 19:23:36 ----D---- C:\Program Files (x86)\AMD
2012-03-09 19:22:54 ----D---- C:\Program Files\ATI Technologies
2012-03-09 19:18:37 ----D---- C:\Windows\system32\DriverStore
2012-03-07 19:24:02 ----D---- C:\ProgramData\Electronic Arts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvamacpi;NVIDIA Away Mode System; C:\Windows\system32\DRIVERS\NVAMACPI.sys [2009-07-17 28192]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-12 254528]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys [2009-03-27 19432]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2012-02-02 43168]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-07 231440]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-05-21 33344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S1 byzpstll;byzpstll; \??\C:\Windows\system32\drivers\byzpstll.sys []
S1 dfphvmnb;dfphvmnb; \??\C:\Windows\system32\drivers\dfphvmnb.sys []
S1 gntuewpw;gntuewpw; \??\C:\Windows\system32\drivers\gntuewpw.sys []
S1 hlbdlkcw;hlbdlkcw; \??\C:\Windows\system32\drivers\hlbdlkcw.sys []
S1 psqpaoot;psqpaoot; \??\C:\Windows\system32\drivers\psqpaoot.sys []
S1 vkojqqvz;vkojqqvz; \??\C:\Windows\system32\drivers\vkojqqvz.sys []
S2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2012-04-01 311968]
S3 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-27 20336]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\safedrv.sys []
S3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2009-07-30 339744]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-02-15 235520]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
R2 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-03-16 782744]
R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
R2 Mp3Tube Toolbar Service;Mp3Tube Toolbar Updater Service; C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe [2011-04-29 227840]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-02-03 66872]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
R2 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
R2 winmech;Security Services Internet; C:\Windows\winmech\ntservice\srunner.exe [2004-02-18 63488]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
S2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-01-07 419624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-23 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

[vyosek]

Jste se dal na chov stadecka rootkitu

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

• DAEMON Tools Toolbar
• Mp3Tube Toolbar
• IObit Toolbar

Odinstalujte Advanced SystemCare 5 a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

Odinstalujte tyhle kramy, pokud nepujdou, tak je pak vezmem skriptem nasilne

• Akamai
• Search Settings
• Application Updater

Poprosim o log z DDS

• Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/Beta/dds.exe a ulozte na plochu
• Spustte a kliknete na Start
• Po chvili vyskoci log, ten rad uvidim

[martin12345]

log z DDS:



DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by game at 11:04:42 on 2012-04-06
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.799 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Users\game\AppData\Local\Temp\sycomctl32.exe
C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\winmech\ntservice\srunner.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\game\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\game\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Users\game\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ie&clid=4e061a9ec0ad4108bd2bf7eb7b40a91b
uProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - LocalServer32 - <no file>
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - LocalServer32 - <no file>
TB: Mp3Tube Toolbar: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -
EB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - LocalServer32 - <no file>
uRun: [Google Update] "C:\Users\game\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Windows® NetMeeting] C:\Users\game\AppData\Roaming\NetMeeting\ca32.exe
uRun: [Akamai NetSession Interface] "C:\Users\game\AppData\Local\Akamai\netsession_win.exe"
uRun: [Display Driver] C:\Users\game\AppData\Local\Temp\sycomctl32.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AML Device Install.lnk - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Kaspersky Security Scan.lnk - C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: ????3?? - <no file>
IE: ????3?????? - <no file>
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll/206
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{2CA0F0E6-E784-418D-ACBC-5A893A850217} : DHCPNameServer = 10.0.0.138
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvamacpi;NVIDIA Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2009-7-17 28192]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2011-4-13 33800]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-6-11 18232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-2-12 254528]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 189440]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2011-8-28 19432]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-3-29 21992]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-19 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-2-15 10856960]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-2-15 327680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-19 231440]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 84864]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
R3 RTL8167;Ovladač Realtek 8167 NT;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2011-6-27 31232]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
.
=============== Created Last 30 ================
.
2012-04-06 07:38:31 -------- d-----w- C:\ProgramData\TuneUp Software
2012-04-06 07:37:53 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-06 07:28:55 -------- d-----w- C:\Program Files (x86)\CCleaner
2012-04-06 07:11:42 -------- d-----w- C:\Program Files\trend micro
2012-04-05 12:55:25 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C260150A-E631-4F5D-B585-AC3B4A5D9C99}\offreg.dll
2012-04-04 15:28:34 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C260150A-E631-4F5D-B585-AC3B4A5D9C99}\mpengine.dll
2012-04-01 08:52:05 -------- d-----w- C:\Users\game\AppData\Local\Atari
2012-04-01 08:49:47 -------- d-----w- C:\ProgramData\Tages
2012-03-10 09:44:23 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-03-09 17:23:41 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-09 17:23:36 -------- d-----w- C:\Program Files\AMD
2012-03-09 17:23:30 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-09 17:13:01 -------- d-----w- C:\AMD
2012-03-07 17:06:33 -------- d-----w- C:\ProgramData\Solidshield
.
==================== Find3M ====================
.
2012-04-01 09:08:35 311968 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2012-03-06 14:12:14 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-06 14:12:05 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-03-03 15:16:06 348160 ----a-w- C:\Windows\SysWow64\Msvcr71.dll
2012-03-03 15:16:06 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-03-03 15:16:06 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-02-14 21:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-14 21:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-14 21:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-14 21:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-14 21:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-14 21:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-14 21:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-14 21:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-09 16:37:20 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-02-09 16:37:19 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-02-03 07:27:22 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-02 09:01:24 43168 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-31 05:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 05:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 11:05:27,85 ===============

[vyosek]

Jeste tam mate od IOBit Game Booster a Smart Defrag 2. Tez ten Application Update tam je

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[martin12345]

tak tady to je :


ComboFix 12-04-06.02 - game 06.04.2012 11:21:51.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.818 [GMT 2:00]
Spuštěný z: c:\users\game\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BasicScan
c:\program files (x86)\BasicScan\basicscan.exe
c:\program files (x86)\BasicScan\uninstall.exe
c:\program files (x86)\Mp3Tube Toolbar
c:\program files (x86)\Mp3Tube Toolbar\ffmpeg.exe
c:\program files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe
c:\program files (x86)\Mp3Tube Toolbar\mp3tubetb.dll
c:\program files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
c:\program files (x86)\Mp3Tube Toolbar\ShowMsg.exe
c:\program files (x86)\Mp3Tube Toolbar\uninstall.exe
c:\programdata\BasicScan
c:\programdata\BasicScan\basicscan115.exe
c:\users\game\AppData\Local\Temp\sycomctl32.exe
c:\users\game\AppData\Roaming\cglogs.dat
c:\users\game\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\users\game\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
c:\users\game\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\users\game\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\users\game\AppData\Roaming\NetMeeting\ca32.exe
c:\windows\AdmDll.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\raddrv.dll
c:\windows\regedit.exe.reg
c:\windows\SysWow64\tmp4807.tmp
c:\windows\SysWow64\tmp4827.tmp
c:\windows\SysWow64\tmp4903.tmp
c:\windows\SysWow64\tmp4904.tmp
c:\windows\SysWow64\tmp5478.tmp
c:\windows\SysWow64\tmp5479.tmp
c:\windows\SysWow64\tmpD837.tmp
c:\windows\SysWow64\tmpD838.tmp
c:\windows\SysWow64\tmpFA49.tmp
c:\windows\SysWow64\tmpFA59.tmp
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-06 do 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 09:27 . 2012-04-06 09:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 07:38 . 2012-04-06 07:38 -------- d-----w- c:\programdata\TuneUp Software
2012-04-06 07:37 . 2012-04-06 07:37 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-06 07:28 . 2012-04-06 07:28 -------- d-----w- c:\program files (x86)\CCleaner
2012-04-06 07:11 . 2012-04-06 08:38 -------- d-----w- c:\program files\trend micro
2012-04-06 07:11 . 2012-04-06 08:33 -------- d-----w- C:\rsit
2012-04-04 15:28 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C260150A-E631-4F5D-B585-AC3B4A5D9C99}\mpengine.dll
2012-04-01 08:52 . 2012-04-01 08:52 -------- d-----w- c:\users\game\AppData\Local\Atari
2012-04-01 08:49 . 2012-04-01 08:50 -------- d-----w- c:\programdata\Tages
2012-04-01 07:35 . 2012-04-01 07:35 -------- d-----w- c:\users\game\AppData\Roaming\InstallShield
2012-03-10 09:44 . 2012-03-10 09:44 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-03-09 17:28 . 2012-03-09 17:28 -------- d-----w- c:\programdata\ATI
2012-03-09 17:23 . 2012-03-09 17:23 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-09 17:23 . 2012-03-09 17:23 -------- d-----w- c:\program files\AMD
2012-03-09 17:23 . 2012-03-09 17:23 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-09 17:13 . 2012-03-09 17:13 -------- d-----w- C:\AMD
2012-03-07 17:06 . 2012-03-07 17:23 -------- d-----w- c:\programdata\Solidshield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 09:08 . 2012-02-02 09:01 311968 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-03-14 03:27 . 2011-02-09 21:09 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-06 14:12 . 2011-04-02 14:00 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-06 14:12 . 2011-07-16 09:18 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-03-03 15:16 . 2012-03-03 15:16 348160 ----a-w- c:\windows\SysWow64\Msvcr71.dll
2012-03-03 15:16 . 2012-03-03 15:16 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-03-03 15:16 . 2012-03-03 15:16 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2012-02-15 02:52 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-01-21 16:40 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-08-26 01:20 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 17:24 . 2012-02-10 17:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{084B022F-C4B3-488D-B229-1C1B7267636F}\gapaengine.dll
2012-02-09 16:37 . 2011-05-22 17:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-09 16:37 . 2011-05-22 17:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-03 07:27 . 2011-04-02 14:00 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-02 09:01 . 2012-02-02 09:01 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-31 12:44 . 2011-01-23 19:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-08-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Kaspersky Security Scan.lnk - c:\program files (x86)\Kaspersky Security Scan\KSS.exe [2010-11-29 2402696]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
R1 byzpstll;byzpstll;c:\windows\system32\drivers\byzpstll.sys [x]
R1 dfphvmnb;dfphvmnb;c:\windows\system32\drivers\dfphvmnb.sys [x]
R1 gntuewpw;gntuewpw;c:\windows\system32\drivers\gntuewpw.sys [x]
R1 hlbdlkcw;hlbdlkcw;c:\windows\system32\drivers\hlbdlkcw.sys [x]
R1 psqpaoot;psqpaoot;c:\windows\system32\drivers\psqpaoot.sys [x]
R1 vkojqqvz;vkojqqvz;c:\windows\system32\drivers\vkojqqvz.sys [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S2 winmech;Security Services Internet;c:\windows\winmech\ntservice\srunner.exe [2004-02-18 63488]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 17:35]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 17:35]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000Core.job
- c:\users\game\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 18:04]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000UA.job
- c:\users\game\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 18:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ie&clid=4e061a9ec0ad4108bd2bf7eb7b40a91b
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: ????3?? - c:\users\game\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\game\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Windows® NetMeeting - c:\users\game\AppData\Roaming\NetMeeting\ca32.exe
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\game\AppData\Local\Akamai\netsession_win.exe
AddRemove-IspAssistant-Mp3Tube - c:\program files (x86)\Mp3Tube Toolbar\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Steam App 440 - c:\program files (x86)\Steam\steam.exe
AddRemove-WinAce Archiver - c:\program files (x86)\WinAce\SXUNINST.EXE
AddRemove-{C13E90B0-4E1C-11DB-6784-0152EAA218BE} - c:\program files (x86)\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1117120883-2019159664-748789934-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\game\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1117120883-2019159664-748789934-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\game\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1117120883-2019159664-748789934-1000\Software\SecuROM\License information*]
"datasecu"=hex:80,0b,63,34,72,9d,d0,f2,33,3e,93,34,eb,6f,31,50,f4,ad,99,d3,4b,
cd,9f,f3,f0,19,97,19,ca,f7,5a,cb,aa,d0,0f,e0,d6,97,9d,61,4c,5d,84,3c,f7,ae,\
"rkeysecu"=hex:ba,28,d2,25,a6,68,43,80,cd,8d,46,62,a5,c4,a4,81
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-04-06 11:34:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-06 09:34
.
Před spuštěním: Volných bajtů: 65 494 740 992
Po spuštění: Volných bajtů: 64 223 596 544
.
- - End Of File - - CFE28BBBC0CC337B2D652E4C4B5B57DC

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\windows\system32\drivers\byzpstll.sys
  c:\windows\system32\drivers\dfphvmnb.sys
  c:\windows\system32\drivers\gntuewpw.sys
  c:\windows\system32\drivers\hlbdlkcw.sys
  c:\windows\system32\drivers\psqpaoot.sys
  c:\windows\system32\drivers\vkojqqvz.sys
  
  Driver::
  byzpstll
  dfphvmnb
  gntuewpw
  hlbdlkcw
  psqpaoot
  vkojqqvz
  gupdate
  ICQ Service
  gupdatem
  UrlFilter
  Akamai
  AdvancedSystemCareService
  Mp3Tube Toolbar Service
  
  Folder::
  c:\program files (x86)\ICQ6Toolbar
  C:\Program Files (x86)\IObit Toolbar
  C:\Program Files (x86)\Common Files\Spigot
  C:\Program Files (x86)\Application Updater
  C:\Program Files (x86)\IObit
  C:\Users\game\AppData\Local\Akamai
  
  File::
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000UA.job
  c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
  
  DDS::
  uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_ ... eb7b40a91b
  uProxyOverride = 127.0.0.1:9421;<local>
  uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
  uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - LocalServer32 - <no file>
  BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - LocalServer32 - <no file>
  HO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
  BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - LocalServer32 - <no file>
  TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
  TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
  TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - LocalServer32 - <no file>
  TB: Mp3Tube Toolbar: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -
  EB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - LocalServer32 - <no file>
  uRun: [Google Update]
  uRun: [DAEMON Tools Lite]
  uRun: [Windows® NetMeeting] C:\Users\game\AppData\Roaming\NetMeeting\ca32.exe
  uRun: [Akamai NetSession Interface] "C:\Users\game\AppData\Local\Akamai\netsession_win.exe"
  uRun: [Display Driver] C:\Users\game\AppData\Local\Temp\sycomctl32.exe
  mRun: [VirtualCloneDrive]
  mRun: [Adobe Reader Speed Launcher]
  mRun: [Adobe ARM]
  mRun: [PWRISOVM.EXE]
  mRun: [SunJavaUpdateSched]
  mRun: [DivXUpdate]
  mPolicies-Explorer: NoActiveDesktop = dword:1
  mPolicies-Explorer: NoActiveDesktopChanges = dword:1
  mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
  mPolicies-System: ConsentPromptBehaviorUser = dword:3
  mPolicies-System: EnableUIADesktopToggle = dword:0
  IE: ????3?? - <no file>
  IE: ????3?????? - <no file>
  x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - 
  
  RegNull::
  [HKEY_USERS\S-1-5-21-1117120883-2019159664-748789934-1000\Software\SecuROM\License information*]
  
  RegLock::
  [HKEY_USERS\S-1-5-21-1117120883-2019159664-748789934-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
  [HKEY_USERS\S-1-5-21-1117120883-2019159664-748789934-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[martin12345]

ComboFix 12-04-06.02 - game 06.04.2012 12:03:22.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.1071 [GMT 2:00]
Spuštěný z: c:\users\game\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\game\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IObit
c:\program files (x86)\IObit\Advanced SystemCare 4\ASCv4ComputerMenu_64_new.dll
c:\program files (x86)\IObit\Advanced SystemCare 4\ASCv4ComputerMenu_new.dll
c:\program files (x86)\IObit\Advanced SystemCare 4\ASCv4ExtMenu_64_new.dll
c:\program files (x86)\IObit\Advanced SystemCare 4\ASCv4ExtMenu_new.dll
c:\program files (x86)\IObit\Advanced SystemCare 4\checkinfo.txt
c:\program files (x86)\IObit\Advanced SystemCare 4\LatestNews\imagenews.png
c:\program files (x86)\IObit\Advanced SystemCare 4\LatestNews\LatestNews.ini
c:\program files (x86)\IObit\Advanced SystemCare 4\License.dat
c:\program files (x86)\IObit\Advanced SystemCare 4\services.ini
c:\program files (x86)\IObit\Advanced SystemCare 4\TBconfig.ini
c:\program files (x86)\IObit\Advanced SystemCare 4\Test.log
c:\program files (x86)\IObit\Advanced SystemCare 4\Update\Update.Ini
c:\program files (x86)\IObit\Game Booster\Boost.log
c:\program files (x86)\IObit\Game Booster\GameBooster.log
c:\program files (x86)\IObit\Game Booster\LatestGames\1.png
c:\program files (x86)\IObit\Game Booster\LatestGames\10.png
c:\program files (x86)\IObit\Game Booster\LatestGames\11.png
c:\program files (x86)\IObit\Game Booster\LatestGames\12.png
c:\program files (x86)\IObit\Game Booster\LatestGames\2.png
c:\program files (x86)\IObit\Game Booster\LatestGames\3.png
c:\program files (x86)\IObit\Game Booster\LatestGames\4.png
c:\program files (x86)\IObit\Game Booster\LatestGames\5.png
c:\program files (x86)\IObit\Game Booster\LatestGames\6.png
c:\program files (x86)\IObit\Game Booster\LatestGames\7.png
c:\program files (x86)\IObit\Game Booster\LatestGames\8.png
c:\program files (x86)\IObit\Game Booster\LatestGames\9.png
c:\program files (x86)\IObit\Game Booster\LatestGames\LatestGames.ini
c:\program files (x86)\IObit\Game Booster\LatestNews\imagenews.png
c:\program files (x86)\IObit\Game Booster\LatestNews\LatestNews.ini
c:\program files (x86)\IObit\Game Booster\license.dat
c:\program files (x86)\IObit\Game Booster\unins000.dat
c:\program files (x86)\IObit\Game Booster\unins000.exe
c:\program files (x86)\IObit\Game Booster\unins000.msg
c:\program files (x86)\IObit\Game Booster\Update\Update.Ini
c:\program files (x86)\IObit\IObit Malware Fighter\license.dat
c:\program files (x86)\IObit\IObit Security 360\IS360DataBase.db
c:\program files (x86)\IObit\IObit Security 360\Quarantine Zone\info.db
c:\program files (x86)\IObit\IObit Security 360\UpdateLog.txt
c:\program files (x86)\IObit\Smart Defrag 2\LatestNews\LatestNews.ini
c:\program files (x86)\IObit\Smart Defrag 2\madbasic_.bpl
c:\program files (x86)\IObit\Smart Defrag 2\maddisAsm_.bpl
c:\program files (x86)\IObit\Smart Defrag 2\madexcept_.bpl
c:\program files (x86)\IObit\Smart Defrag 2\NtfsData.dll
c:\program files (x86)\IObit\Smart Defrag 2\rtl120.bpl
c:\program files (x86)\IObit\Smart Defrag 2\SDDriverMgr.dll
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\IObit\Smart Defrag 2\vcl120.bpl
c:\program files (x86)\IObit\Smart Defrag 2\vclx120.bpl
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1117120883-2019159664-748789934-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_URLFILTER
-------\Service_byzpstll
-------\Service_dfphvmnb
-------\Service_gntuewpw
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_hlbdlkcw
-------\Service_ICQ Service
-------\Service_psqpaoot
-------\Service_vkojqqvz
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-06 do 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 10:08 . 2012-04-06 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 09:41 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5157EDED-1C8A-486B-A0BE-66EAA0CA4E2F}\mpengine.dll
2012-04-06 07:38 . 2012-04-06 07:38 -------- d-----w- c:\programdata\TuneUp Software
2012-04-06 07:37 . 2012-04-06 07:37 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-06 07:28 . 2012-04-06 07:28 -------- d-----w- c:\program files (x86)\CCleaner
2012-04-06 07:11 . 2012-04-06 08:38 -------- d-----w- c:\program files\trend micro
2012-04-06 07:11 . 2012-04-06 08:33 -------- d-----w- C:\rsit
2012-04-01 08:52 . 2012-04-01 08:52 -------- d-----w- c:\users\game\AppData\Local\Atari
2012-04-01 08:49 . 2012-04-01 08:50 -------- d-----w- c:\programdata\Tages
2012-04-01 07:35 . 2012-04-01 07:35 -------- d-----w- c:\users\game\AppData\Roaming\InstallShield
2012-03-10 09:44 . 2012-03-10 09:44 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-03-09 17:28 . 2012-03-09 17:28 -------- d-----w- c:\programdata\ATI
2012-03-09 17:23 . 2012-03-09 17:23 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-09 17:23 . 2012-03-09 17:23 -------- d-----w- c:\program files\AMD
2012-03-09 17:23 . 2012-03-09 17:23 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-09 17:13 . 2012-03-09 17:13 -------- d-----w- C:\AMD
2012-03-07 17:06 . 2012-03-07 17:23 -------- d-----w- c:\programdata\Solidshield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 09:08 . 2012-02-02 09:01 311968 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-03-14 03:27 . 2011-02-09 21:09 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-06 14:12 . 2011-04-02 14:00 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-06 14:12 . 2011-07-16 09:18 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-03-03 15:16 . 2012-03-03 15:16 348160 ----a-w- c:\windows\SysWow64\Msvcr71.dll
2012-03-03 15:16 . 2012-03-03 15:16 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-03-03 15:16 . 2012-03-03 15:16 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2012-02-15 02:52 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-01-21 16:40 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-08-26 01:20 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 17:24 . 2012-02-10 17:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{084B022F-C4B3-488D-B229-1C1B7267636F}\gapaengine.dll
2012-02-09 16:37 . 2011-05-22 17:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-09 16:37 . 2011-05-22 17:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-03 07:27 . 2011-04-02 14:00 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-02 09:01 . 2012-02-02 09:01 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-31 12:44 . 2011-01-23 19:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_09.30.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-21 14:54 . 2012-04-06 09:31 51464 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-06 09:32 46632 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-21 14:54 . 2012-04-06 09:32 16344 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1117120883-2019159664-748789934-1000_UserData.bin
+ 2011-01-21 16:59 . 2012-04-06 10:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 16:59 . 2012-04-06 09:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 16:59 . 2012-04-06 09:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-21 16:59 . 2012-04-06 10:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-21 16:59 . 2012-04-06 10:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-21 16:59 . 2012-04-06 09:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-21 16:59 . 2012-04-06 09:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-21 16:59 . 2012-04-06 10:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-21 16:59 . 2012-04-06 10:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-21 16:59 . 2012-04-06 09:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-06 09:29 . 2012-04-06 09:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 10:09 . 2012-04-06 10:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-06 09:29 . 2012-04-06 09:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-06 10:09 . 2012-04-06 10:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-06 06:40 626262 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 09:36 626262 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-04-06 09:36 641102 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2012-04-06 06:40 641102 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-04-06 06:40 111146 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-06 09:36 111146 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-04-06 06:40 126896 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-04-06 09:36 126896 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-04-06 06:46 300736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-06 10:08 300736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-04-06 07:18 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-06 09:40 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-08-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S2 winmech;Security Services Internet;c:\windows\winmech\ntservice\srunner.exe [2004-02-18 63488]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"combofix"="c:\combofix\CF30960.3XE" [2009-07-14 344576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: ????3?? - c:\users\game\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\game\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1117120883-2019159664-748789934-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\game\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1117120883-2019159664-748789934-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\game\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2012-04-06 12:13:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-06 10:13
ComboFix2.txt 2012-04-06 09:34
.
Před spuštěním: Volných bajtů: 63 449 731 072
Po spuštění: Volných bajtů: 63 002 935 296
.
- - End Of File - - E4699E9A2BAB8AF8F9230E556F0AF52B

[vyosek]

Jak se chova nas pacient

[martin12345]

Uz je to o neco lepší mám ale pořád zatížených asi 50 procent. Ten poslední log byl v pořádku?

[vyosek]

Ono tam o moc min nebude, uz samotne W7 Ultimate s nutnymi programy si vezmou dost...

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Poprosim o novy log z RSIT

[martin12345]

tak snad už to bude v pořádku



Logfile of random's system information tool 1.09 (written by random/random)
Run by game at 2012-04-06 12:53:04
Microsoft Windows 7 Ultimate
System drive C: has 66 GB (29%) free of 225 GB
Total RAM: 2047 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:08, on 6.4.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files\trend micro\game.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (file missing)
O9 - Extra button: (no name) - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\Windows\winmech\ntservice\srunner.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7663 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\Explorer.EXE
taskeng.exe {22DDB4C5-1144-47E4-A0B0-4D0AABC3336B}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\Tunngle\TnglCtrl.exe"
C:\Windows\winmech\ntservice\srunner.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2568
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1e80a815-d9e9-47a4-86c6-5f03aeb34d2a -SystemEventPortName:HostProcess-58f8de69-d2fb-4c36-9323-363ebdc7ce49 -IoCancelEventPortName:HostProcess-b157b18d-384c-4ac7-8c4b-e7169297127c -NonStateChangingEventPortName:HostProcess-8d2b18ef-4c4a-40b9-8b3b-142054400ea8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:536676b9-0c22-4006-9e6e-6861d0540ed4
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Users\game\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll [2010-12-06 765744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-02-14 636032]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AML Device Install.lnk - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-04-06 12:53:04 ----D---- C:\rsit
2012-04-06 12:41:48 ----SHD---- C:\$RECYCLE.BIN
2012-04-06 12:13:55 ----D---- C:\Windows\temp
2012-04-06 11:20:29 ----D---- C:\Windows\ERDNT
2012-04-06 09:38:31 ----D---- C:\ProgramData\TuneUp Software
2012-04-06 09:37:53 ----SHD---- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-06 09:28:55 ----D---- C:\Program Files (x86)\CCleaner
2012-04-06 09:11:42 ----D---- C:\Program Files\trend micro
2012-04-02 17:41:50 ----A---- C:\Windows\game.ini
2012-04-01 10:49:47 ----D---- C:\ProgramData\Tages
2012-04-01 09:35:37 ----D---- C:\Users\game\AppData\Roaming\InstallShield
2012-03-10 11:44:23 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-03-09 19:28:46 ----D---- C:\ProgramData\ATI
2012-03-09 19:23:41 ----D---- C:\Program Files (x86)\AMD AVT
2012-03-09 19:23:36 ----D---- C:\Program Files\AMD
2012-03-09 19:23:30 ----D---- C:\Program Files (x86)\AMD APP
2012-03-09 19:13:01 ----D---- C:\AMD
2012-03-07 19:06:33 ----D---- C:\ProgramData\Solidshield

======List of files/folders modified in the last 1 month======

2012-04-06 12:48:40 ----D---- C:\Windows
2012-04-06 12:48:32 ----D---- C:\Windows\system32\config
2012-04-06 12:36:27 ----SHD---- C:\System Volume Information
2012-04-06 12:13:57 ----D---- C:\Windows\system32\drivers
2012-04-06 12:10:43 ----A---- C:\Windows\system.ini
2012-04-06 12:10:34 ----D---- C:\Windows\system32\drivers\etc
2012-04-06 12:07:49 ----RD---- C:\Program Files (x86)
2012-04-06 12:07:48 ----D---- C:\Windows\Tasks
2012-04-06 12:05:39 ----D---- C:\Windows\SYSWOW64\drivers
2012-04-06 12:05:39 ----D---- C:\Windows\SysWOW64
2012-04-06 12:05:39 ----D---- C:\Windows\System32
2012-04-06 12:05:39 ----D---- C:\Windows\AppPatch
2012-04-06 12:05:37 ----D---- C:\Program Files\Common Files
2012-04-06 12:05:37 ----D---- C:\Program Files (x86)\Common Files
2012-04-06 11:39:36 ----D---- C:\Windows\system32\catroot
2012-04-06 11:39:35 ----D---- C:\Windows\system32\catroot2
2012-04-06 11:39:21 ----D---- C:\Windows\winsxs
2012-04-06 11:36:02 ----D---- C:\Windows\inf
2012-04-06 11:36:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-06 11:26:57 ----D---- C:\ProgramData
2012-04-06 11:26:54 ----D---- C:\Users\game\AppData\Roaming\NetMeeting
2012-04-06 10:57:30 ----D---- C:\Windows\Prefetch
2012-04-06 10:55:04 ----SHD---- C:\Windows\Installer
2012-04-06 10:55:01 ----D---- C:\Config.Msi
2012-04-06 09:11:42 ----RD---- C:\Program Files
2012-04-06 09:10:48 ----D---- C:\Windows\Minidump
2012-04-06 08:58:27 ----D---- C:\Windows\system32\Tasks
2012-04-06 08:43:16 ----D---- C:\Users\game\AppData\Roaming\BitComet
2012-04-06 08:43:09 ----D---- C:\Downloads
2012-04-03 20:04:43 ----RSD---- C:\Windows\assembly
2012-04-03 19:31:32 ----D---- C:\hry
2012-04-01 09:37:06 ----D---- C:\Users\game\AppData\Roaming\InstallShield Installation Information
2012-04-01 09:36:40 ----D---- C:\ProgramData\Media Center Programs
2012-03-30 20:18:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-03-17 20:36:07 ----D---- C:\Users\game\AppData\Roaming\Skype
2012-03-17 20:15:44 ----D---- C:\Program Files (x86)\TeamViewer
2012-03-09 19:23:42 ----D---- C:\ProgramData\AMD
2012-03-09 19:23:37 ----SD---- C:\Users\game\AppData\Roaming\Microsoft
2012-03-09 19:23:36 ----D---- C:\Program Files (x86)\AMD
2012-03-09 19:22:54 ----D---- C:\Program Files\ATI Technologies
2012-03-09 19:18:37 ----D---- C:\Windows\system32\DriverStore
2012-03-07 19:24:02 ----D---- C:\ProgramData\Electronic Arts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvamacpi;NVIDIA Away Mode System; C:\Windows\system32\DRIVERS\NVAMACPI.sys [2009-07-17 28192]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-12 254528]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys [2009-03-27 19432]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2012-02-02 43168]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-07 231440]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-05-21 33344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys []
S2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2012-04-01 311968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\safedrv.sys []
S3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2009-07-30 339744]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-02-15 235520]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-02-03 66872]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
R2 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
R2 winmech;Security Services Internet; C:\Windows\winmech\ntservice\srunner.exe [2004-02-18 63488]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-01-07 419624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-23 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------