
Computer check

Posted: 23 Jan 2013 19:13
by Pedy
Hello, I would like to ask for a check of my computer after several years of use. No errors or problems seem to be showing up, just some problem with the Hamachi application, which uninstalling it may solve.

Log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-01-23 18:57:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (41%) free of 53 GB
Total RAM: 895 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:58:22, on 23.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAEC1FDD-17C1-4D4C-B2A2-0886F9594FF9}: NameServer = 10.132.27.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1305795C-352F-4560-828F-87277E3B2348}: NameServer = 10.132.27.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6975 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Final Media Player Update Checker.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-527237240-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-527237240-839522115-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\wenacu1o.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

E:\intrnet8\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

E:\intrnet8\components\
binary.manifest
browsercomps.dll

E:\intrnet8\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-11-02 19580520]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-10 2254768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe"="C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker"
"C:\Documents and Settings\admin\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe"="C:\Documents and Settings\admin\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe:*:Enabled:PT2Downloader"
"C:\Documents and Settings\admin\Local Settings\Temp\7ZipSfx.001\CF_Downloader.exe"="C:\Documents and Settings\admin\Local Settings\Temp\7ZipSfx.001\CF_Downloader.exe:*:Enabled:PT2Downloader"
"C:\World of Warcraft\Launcher.exe"="C:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\World of Warcraft\Launcher.patch.exe"="C:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\admin\Local Settings\Temp\7ZipSfx.002\CF_Downloader.exe"="C:\Documents and Settings\admin\Local Settings\Temp\7ZipSfx.002\CF_Downloader.exe:*:Enabled:PT2Downloader"
"C:\Documents and Settings\admin\Local Settings\Temp\CF_Downloader.exe"="C:\Documents and Settings\admin\Local Settings\Temp\CF_Downloader.exe:*:Enabled:CrossFire_Downloader"
"E:\thht\CrossFire\CF_G4box.exe"="E:\thht\CrossFire\CF_G4box.exe:*:Enabled:cf launcher"
"E:\PUNSKE_VALKY.EXE"="E:\PUNSKE_VALKY.EXE:*:Enabled:PUNSKE_VALKY"
"E:\cs 1.6\hl.exe"="E:\cs 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"E:\steam\Steam.exe"="E:\steam\Steam.exe:*:Enabled:Steam"
"E:\cs 1.6\csko.exe"="E:\cs 1.6\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Farming Simulator 2011 Demo\FarmingSimulator2011.exe"="C:\Program Files\Farming Simulator 2011 Demo\FarmingSimulator2011.exe:*:Enabled:Farming Simulator 2011 Demo"
"C:\Program Files\Farming Simulator 2011 Demo\game.exe"="C:\Program Files\Farming Simulator 2011 Demo\game.exe:*:Enabled:Farming Simulator 2011 Demo"
"E:\Traktor 2\game.exe"="E:\Traktor 2\game.exe:*:Disabled:GIANTS Game Engine"
"E:\CrossFire\CF_G4box.exe"="E:\CrossFire\CF_G4box.exe:*:Enabled:cf launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Counter-Strike Source\hl2.exe"="E:\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"VIDC.XFR1"=xfcodec.dll

======List of files/folders created in the last 1 month======

2013-01-23 18:57:57 ----D---- C:\Program Files\trend micro
2013-01-23 18:57:56 ----D---- C:\rsit
2013-01-23 18:53:33 ----D---- C:\Program Files\Setup Files
2013-01-23 18:51:28 ----A---- C:\WINDOWS\acpimof.dll
2013-01-23 18:51:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2013-01-23 18:13:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2013-01-23 18:04:04 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ATI
2013-01-23 18:02:29 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Identities
2013-01-23 18:01:38 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2013-01-23 18:01:38 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2013-01-23 17:59:54 ----D---- C:\WINDOWS\Prefetch
2013-01-23 17:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2013-01-23 17:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2013-01-23 17:50:39 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2013-01-23 17:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2013-01-23 17:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2013-01-23 17:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2013-01-23 17:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2013-01-23 17:45:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2013-01-23 17:44:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2013-01-23 17:43:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2013-01-23 17:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2013-01-23 17:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2013-01-23 17:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2013-01-23 17:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2013-01-23 17:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2013-01-23 17:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2013-01-23 17:37:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2013-01-23 17:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2013-01-23 17:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2013-01-23 17:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2013-01-23 17:33:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2013-01-23 17:32:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2013-01-23 17:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2013-01-23 17:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2013-01-23 17:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2013-01-23 17:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2013-01-23 17:27:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2013-01-23 17:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2013-01-23 17:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2013-01-23 17:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2013-01-23 17:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2013-01-23 17:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2013-01-23 17:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2013-01-23 17:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2013-01-23 17:19:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2013-01-23 17:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2013-01-23 17:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2013-01-23 17:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2013-01-23 17:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2013-01-23 17:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2013-01-23 17:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2013-01-23 17:12:12 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2013-01-23 17:11:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2013-01-23 17:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2013-01-23 17:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2013-01-23 17:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2013-01-23 17:07:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2013-01-23 17:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2013-01-23 17:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2013-01-23 17:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2013-01-23 17:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2013-01-23 17:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2013-01-23 17:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2013-01-23 17:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2013-01-23 16:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2013-01-23 16:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2013-01-23 16:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2013-01-23 16:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2013-01-23 16:55:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2013-01-23 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2013-01-23 16:50:52 ----N---- C:\WINDOWS\system32\smtpapi.dll
2013-01-23 16:50:52 ----N---- C:\WINDOWS\system32\rwnh.dll
2013-01-23 16:50:52 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2013-01-23 16:50:52 ----N---- C:\WINDOWS\system32\comsdupd.exe
2013-01-23 16:50:50 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2013-01-23 16:50:50 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2013-01-23 16:50:50 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2013-01-23 16:50:50 ----N---- C:\WINDOWS\system32\aaclient.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\dot3api.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\dimsroam.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\credssp.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2013-01-23 16:50:49 ----N---- C:\WINDOWS\system32\azroles.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\dot3ui.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\dot3svc.dll
2013-01-23 16:50:48 ----N---- C:\WINDOWS\system32\dot3msm.dll
2013-01-23 16:50:47 ----N---- C:\WINDOWS\system32\kmsvc.dll
2013-01-23 16:50:47 ----N---- C:\WINDOWS\system32\kbdpash.dll
2013-01-23 16:50:47 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2013-01-23 16:50:47 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2013-01-23 16:50:47 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\napstat.exe
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\napmontr.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\napipsec.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\mssha.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\mmcperf.exe
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\mmcex.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2013-01-23 16:50:46 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2013-01-23 16:50:45 ----N---- C:\WINDOWS\system32\qcliprov.dll
2013-01-23 16:50:45 ----N---- C:\WINDOWS\system32\qagentrt.dll
2013-01-23 16:50:45 ----N---- C:\WINDOWS\system32\qagent.dll
2013-01-23 16:50:45 ----N---- C:\WINDOWS\system32\onex.dll
2013-01-23 16:50:45 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\slserv.exe
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\slrundll.exe
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\slgen.dll
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\slextspk.dll
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\slcoinst.dll
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\setupn.exe
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\s3gnb.dll
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\rasqec.dll
2013-01-23 16:50:44 ----N---- C:\WINDOWS\system32\qutil.dll
2013-01-23 16:50:43 ----N---- C:\WINDOWS\system32\verclsid.exe
2013-01-23 16:50:43 ----N---- C:\WINDOWS\system32\tspkg.dll
2013-01-23 16:50:43 ----N---- C:\WINDOWS\system32\tsgqec.dll
2013-01-23 16:50:42 ----N---- C:\WINDOWS\system32\wlanapi.dll
2013-01-23 16:50:41 ----N---- C:\WINDOWS\system32\xmllite.dll
2013-01-23 16:50:40 ----N---- C:\WINDOWS\slrundll.exe
2013-01-23 16:50:40 ----D---- C:\WINDOWS\system32\cs-cz
2013-01-23 16:50:39 ----D---- C:\WINDOWS\system32\cs
2013-01-23 16:50:39 ----D---- C:\WINDOWS\system32\bits
2013-01-23 16:50:39 ----D---- C:\WINDOWS\l2schemas
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2013-01-23 16:46:49 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2013-01-23 16:46:49 ----D---- C:\WINDOWS\network diagnostic
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2013-01-23 16:46:48 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2013-01-23 16:46:47 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2013-01-23 16:46:47 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2013-01-23 16:46:47 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2013-01-23 16:46:47 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2013-01-23 16:46:47 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2013-01-23 16:46:47 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2013-01-23 16:46:47 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2013-01-23 16:46:47 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2013-01-23 16:46:47 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2013-01-23 16:46:46 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2013-01-23 16:46:45 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2013-01-23 16:45:24 ----A---- C:\WINDOWS\002892_.tmp
2013-01-23 16:45:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-01-23 16:42:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2013-01-23 14:55:58 ----D---- C:\Program Files\Lavalys
2013-01-23 12:28:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-01-23 12:28:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-01-23 12:28:33 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-01-23 12:28:14 ----D---- C:\Program Files\CCleaner
2013-01-21 17:58:53 ----A---- C:\WINDOWS\system32\hidserv.dll
2013-01-21 17:58:50 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2013-01-06 19:59:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Firefly Studios
2013-01-05 12:01:00 ----D---- C:\Fraps

======List of files/folders modified in the last 1 month======

2013-01-23 18:57:57 ----RD---- C:\Program Files
2013-01-23 18:57:57 ----D---- C:\WINDOWS\Temp
2013-01-23 18:54:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-23 18:51:28 ----D---- C:\WINDOWS
2013-01-23 18:16:36 ----SHD---- C:\RECYCLER
2013-01-23 18:16:36 ----D---- C:\WINDOWS\Debug
2013-01-23 18:02:32 ----SHD---- C:\WINDOWS\Installer
2013-01-23 18:02:32 ----SHD---- C:\Config.Msi
2013-01-23 18:01:58 ----D---- C:\WINDOWS\system32
2013-01-23 18:01:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-01-23 18:01:37 ----D---- C:\Documents and Settings
2013-01-23 18:00:27 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-23 17:59:30 ----D---- C:\WINDOWS\system32\wbem
2013-01-23 17:59:30 ----D---- C:\WINDOWS\system32\Setup
2013-01-23 17:59:30 ----D---- C:\WINDOWS\AppPatch
2013-01-23 17:59:29 ----RSD---- C:\WINDOWS\Fonts
2013-01-23 17:59:25 ----D---- C:\WINDOWS\system32\drivers
2013-01-23 17:59:21 ----D---- C:\WINDOWS\security
2013-01-23 17:52:55 ----D---- C:\WINDOWS\system32\CatRoot
2013-01-23 17:52:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-01-23 17:52:20 ----HD---- C:\WINDOWS\inf
2013-01-23 17:44:12 ----D---- C:\Program Files\Outlook Express
2013-01-23 17:38:27 ----D---- C:\Program Files\Movie Maker
2013-01-23 16:56:33 ----D---- C:\Program Files\Messenger
2013-01-23 16:50:57 ----D---- C:\WINDOWS\WinSxS
2013-01-23 16:50:53 ----D---- C:\WINDOWS\ehome
2013-01-23 16:50:52 ----D---- C:\WINDOWS\system32\inetsrv
2013-01-23 16:50:51 ----D---- C:\WINDOWS\ime
2013-01-23 16:50:51 ----D---- C:\WINDOWS\Help
2013-01-23 16:50:40 ----D---- C:\WINDOWS\system32\usmt
2013-01-23 16:50:40 ----D---- C:\Program Files\Internet Explorer
2013-01-23 16:50:39 ----D---- C:\WINDOWS\PeerNet
2013-01-23 16:48:27 ----D---- C:\WINDOWS\system32\Restore
2013-01-23 16:48:27 ----D---- C:\WINDOWS\system32\npp
2013-01-23 16:48:26 ----D---- C:\WINDOWS\msagent
2013-01-23 16:48:25 ----D---- C:\WINDOWS\srchasst
2013-01-23 16:48:24 ----D---- C:\Program Files\NetMeeting
2013-01-23 16:48:23 ----D---- C:\WINDOWS\system32\Com
2013-01-23 16:48:22 ----D---- C:\Program Files\Windows NT
2013-01-23 16:48:22 ----D---- C:\Program Files\Windows Media Player
2013-01-23 16:48:19 ----D---- C:\Program Files\Common Files\System
2013-01-23 16:48:05 ----D---- C:\WINDOWS\system32\oobe
2013-01-23 16:48:03 ----D---- C:\WINDOWS\system
2013-01-23 16:11:29 ----D---- C:\Program Files\Google
2013-01-23 16:00:33 ----A---- C:\WINDOWS\NeroDigital.ini
2013-01-23 15:47:33 ----SD---- C:\WINDOWS\Tasks
2013-01-23 15:41:06 ----D---- C:\WINDOWS\Logs
2013-01-23 15:41:04 ----D---- C:\WINDOWS\Minidump
2013-01-23 15:39:59 ----D---- C:\Program Files\Sony Online Entertainment
2013-01-23 15:34:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2013-01-23 14:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2013-01-23 12:20:39 ----RD---- C:\Program Files\Skype
2013-01-23 12:20:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-01-20 20:12:52 ----D---- C:\WINDOWS\system32\config
2013-01-12 00:49:45 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-02-13 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-11 3488768]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-11-02 6188648]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys []
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 avhhzm38;avhhzm38; C:\WINDOWS\system32\drivers\avhhzm38.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6; \??\C:\Program Files\Setup Files\Ms7367v390\NTIOLib.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-12-29 276968]
S3 UCORESYS;UCORESYS; \??\C:\PROGRA~1\SETUPF~1\MS7367~1\UCORESYS.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva383;XDva383; \??\C:\WINDOWS\system32\XDva383.sys []
S3 XDva384;XDva384; \??\C:\WINDOWS\system32\XDva384.sys []
S3 XDva385;XDva385; \??\C:\WINDOWS\system32\XDva385.sys []
S3 XDva391;XDva391; \??\C:\WINDOWS\system32\XDva391.sys []
S3 XDva401;XDva401; \??\C:\WINDOWS\system32\XDva401.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-11 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-08-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-16 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-16 135664]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Roli wrote: Log removed from CODE

Re: computer check

Posted: 23 Jan 2013 22:12
by Roli
Hi, I'm not sure whether I can help you with Hamachi, because I'm not a fan of that piece of software,

but I will get rid of that junk for you.


Fix these in HJT:

O3 - Toolbar: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


You will find HJT here:

C:\Program Files\trend micro\Administrator.exe

Fix means that you run HJT as admin,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a box that you tick,

then click Fix checked at the bottom left,

the program will ask whether you really want to; you of course agree by clicking YES, and it is done.


Via Start >> Run >> type services.msc >> OK. Find the service:

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

LightScribeService Direct Disc Labeling Service

NBService - Nero AG

NMIndexingService - Nero AG


right-click it, choose Properties, on the next tab first stop the service with the Stop button, and under Startup type choose Disabled.


Delete unneeded files

using CCleaner

instructions:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before use I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

Then a window with the license terms appears, which you confirm by clicking YES,

then click YES once more and it is running.

The whole run takes around 10 minutes but can take longer; during the scan, do not try to run anything else.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

Re: computer check

Posted: 24 Jan 2013 12:22
by Pedy
The problem with Hamachi was removed by uninstalling it.

Log from ComboFix:

ComboFix 13-01-23.01 - Administrator 24.01.2013 11:29:40.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.296 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET4A0.tmp
E:\Uninstall.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-24 do 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-23 15:46 . 2008-04-14 07:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2013-01-23 15:45 . 2006-12-28 23:31 19569 ----a-w- c:\windows\002892_.tmp
2013-01-23 13:55 . 2013-01-23 13:55 -------- d-----w- c:\program files\Lavalys
2013-01-23 11:28 . 2013-01-23 11:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-01-23 11:28 . 2013-01-23 11:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-23 11:28 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-23 11:28 . 2013-01-23 11:28 -------- d-----w- c:\program files\CCleaner
2013-01-21 16:58 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-01-21 16:58 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-01-06 18:59 . 2013-01-06 18:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Firefly Studios
2013-01-05 11:01 . 2013-01-05 13:59 -------- d-----w- C:\Fraps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 19:42 . 2012-12-15 19:42 605126 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
2012-11-29 08:13 . 2011-09-13 13:58 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\PUNSKE_VALKY.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.2.2011 14:33 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 9:06 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 9:04 735960]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [22.6.2011 7:25 583640]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23.1.2013 12:28 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.1.2012 11:48 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.1.2013 12:28 21104]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files\Setup Files\Ms7367v390\NTIOLib.sys [23.1.2013 18:53 7680]
S3 UCORESYS;UCORESYS;\??\c:\progra~1\SETUPF~1\MS7367~1\UCORESYS.SYS --> c:\progra~1\SETUPF~1\MS7367~1\UCORESYS.SYS [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva384;XDva384;\??\c:\windows\system32\XDva384.sys --> c:\windows\system32\XDva384.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva401;XDva401;\??\c:\windows\system32\XDva401.sys --> c:\windows\system32\XDva401.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NBSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-24 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-19 15:50]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 05:56]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 05:56]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://search.chatzum.com/
TCP: DhcpNameServer = 192.168.88.1
TCP: Interfaces\{EAEC1FDD-17C1-4D4C-B2A2-0886F9594FF9}: NameServer = 10.132.27.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\wenacu1o.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-24 11:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2013-01-24 11:37:16
ComboFix-quarantined-files.txt 2013-01-24 10:37
.
Před spuštěním: Volných bajtů: 25 621 434 368
Po spuštění: Volných bajtů: 27 470 557 184
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2533CC332ACD7BDD4203F9E9889996CB

Re: computer check

Posted: 24 Jan 2013 20:07
by Roli
If you have not done so already, move ComboFix to the desktop,

open Notepad,

and copy into it the script from the following box:

Code:

File::  
c:\windows\002892_.tmp
c:\windows\system32\XDva383.sys
c:\windows\system32\XDva384.sys
c:\windows\system32\XDva385.sys
c:\windows\system32\XDva391.sys
c:\windows\system32\XDva401.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
XDva383
XDva384
XDva385
XDva391
XDva401

Save the TXT file you created as CFScript.txt to the desktop,

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will pop out at you; copy it here.

Warning: it can happen that after the script is applied and the PC restarts, Windows will not boot;

in that case restart again while pressing F8, then choose Last Known Good Configuration.

Re: computer check

Posted: 24 Jan 2013 22:25
by Pedy
ComboFix 13-01-23.01 - Administrator 24.01.2013 22:13:10.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2943.2209 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\002892_.tmp"
"c:\windows\system32\XDva383.sys"
"c:\windows\system32\XDva384.sys"
"c:\windows\system32\XDva385.sys"
"c:\windows\system32\XDva391.sys"
"c:\windows\system32\XDva401.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\002892_.tmp
c:\windows\iun6002.exe
c:\windows\system32\roboot.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA383
-------\Legacy_XDVA384
-------\Legacy_XDVA385
-------\Legacy_XDVA391
-------\Legacy_XDVA401
-------\Service_XDva383
-------\Service_XDva384
-------\Service_XDva385
-------\Service_XDva391
-------\Service_XDva401
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-24 do 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-23 19:34 . 2013-01-23 19:34 -------- d-----w- c:\program files\VideoLAN
2013-01-23 17:57 . 2013-01-24 10:08 -------- d-----w- c:\program files\trend micro
2013-01-23 17:57 . 2013-01-23 17:58 -------- d-----w- C:\rsit
2013-01-23 17:53 . 2013-01-23 17:53 -------- d-----w- c:\program files\Setup Files
2013-01-23 17:51 . 2012-08-22 09:19 11832 ----a-w- c:\windows\acpimof.dll
2013-01-23 17:01 . 2013-01-24 10:11 -------- d-----w- c:\documents and settings\Administrator
2013-01-23 15:46 . 2008-04-14 07:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2013-01-23 13:55 . 2013-01-23 13:55 -------- d-----w- c:\program files\Lavalys
2013-01-23 11:28 . 2013-01-23 11:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-01-23 11:28 . 2013-01-23 11:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-23 11:28 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-23 11:28 . 2013-01-23 11:28 -------- d-----w- c:\program files\CCleaner
2013-01-21 16:58 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-01-21 16:58 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-01-06 18:59 . 2013-01-06 18:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Firefly Studios
2013-01-05 11:01 . 2013-01-05 13:59 -------- d-----w- C:\Fraps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 19:42 . 2012-12-15 19:42 605126 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
2012-11-29 08:13 . 2011-09-13 13:58 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\PUNSKE_VALKY.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.2.2011 14:33 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 9:06 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 9:04 735960]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23.1.2013 12:28 682344]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [22.6.2011 7:25 583640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.1.2013 12:28 21104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.1.2012 11:48 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files\Setup Files\Ms7367v390\NTIOLib.sys [23.1.2013 18:53 7680]
S3 UCORESYS;UCORESYS;\??\c:\progra~1\SETUPF~1\MS7367~1\UCORESYS.SYS --> c:\progra~1\SETUPF~1\MS7367~1\UCORESYS.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-24 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-19 15:50]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://search.chatzum.com/
TCP: DhcpNameServer = 192.168.88.1
TCP: Interfaces\{EAEC1FDD-17C1-4D4C-B2A2-0886F9594FF9}: NameServer = 10.132.27.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\wenacu1o.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-24 22:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2013-01-24 22:24:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-24 21:24
ComboFix2.txt 2013-01-24 10:37
.
Před spuštěním: Volných bajtů: 27 482 374 144
Po spuštění: Volných bajtů: 27 387 539 456
.
- - End Of File - - 4B4C776D8DAA4A16A303209A7621B912

Re: computer check

Posted: 25 Jan 2013 21:24
by Roli
Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter.

That uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop the antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.


Then let me know what state the PC is in.

Re: computer check

Posted: 04 Feb 2013 15:38
by Pedy
The computer looks fine and no problem is showing up, thanks for your time and help :wink:

Re: computer check

Posted: 04 Feb 2013 21:41
by Roli
You're welcome, and :closed: