Nejde spustit příkazová řádka, programy atd....

[CP5_]

Dobrý den,
nevím jestli to může mít nějakou souvislost, ale předevčírem jsem instaloval total commander, abych mohl do PS3 nahrát zálohu hry (hra projetá antivirem a v pořádku). A už tehdy jsem si všimnul, že soubory v průzkumníku se déle načítají (ikony a podobně) a včera totálně buglé PC. nejdou spustit programy, příkazová řádka, když najedu na nějaké data v průzkumníku (když se ho povede zapnout) nenačtou se vůbec ikony. HDD projetý 2x v HDD regenerátor a 2x ve Win, je v pořádku. Myslím že v režimu nouze všechny funkce fungují. Nevím tedy jestli to může být widlemi a přeinstit. Prosím o radu, jestli nejsou nějaké skryté viry v pc jelikož jinak se bojím aby to něbylo něco s HW, třeba CPU nebo nějaká sběrnice... nadruhou stranu aspon bych věděl že v PC nic neni a mohl bych si v klidu přetáhnout data ve stavu nouze na ext

kombo :

ComboFix 13-03-07.03 - Hany 08.03.2013 11:21:47.1.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3835.2986 [GMT 1:00]
Spuštěný z: d:\download\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\programdata\Premium\ZoomEx\run10FA.tmp
c:\programdata\Premium\ZoomEx\run12B8.tmp
c:\programdata\Premium\ZoomEx\run1645.tmp
c:\programdata\Premium\ZoomEx\run1876.tmp
c:\programdata\Premium\ZoomEx\run266D.tmp
c:\programdata\Premium\ZoomEx\run2BC8.tmp
c:\programdata\Premium\ZoomEx\run2D7A.tmp
c:\programdata\Premium\ZoomEx\run2DF9.tmp
c:\programdata\Premium\ZoomEx\run2E15.tmp
c:\programdata\Premium\ZoomEx\run2F4.tmp
c:\programdata\Premium\ZoomEx\run3C25.tmp
c:\programdata\Premium\ZoomEx\run414B.tmp
c:\programdata\Premium\ZoomEx\run436C.tmp
c:\programdata\Premium\ZoomEx\run43A7.tmp
c:\programdata\Premium\ZoomEx\run461B.tmp
c:\programdata\Premium\ZoomEx\run4803.tmp
c:\programdata\Premium\ZoomEx\run4D64.tmp
c:\programdata\Premium\ZoomEx\run51F6.tmp
c:\programdata\Premium\ZoomEx\run5256.tmp
c:\programdata\Premium\ZoomEx\run56DD.tmp
c:\programdata\Premium\ZoomEx\run57CF.tmp
c:\programdata\Premium\ZoomEx\run589A.tmp
c:\programdata\Premium\ZoomEx\run590E.tmp
c:\programdata\Premium\ZoomEx\run592.tmp
c:\programdata\Premium\ZoomEx\run592A.tmp
c:\programdata\Premium\ZoomEx\run59A3.tmp
c:\programdata\Premium\ZoomEx\run5D02.tmp
c:\programdata\Premium\ZoomEx\run605E.tmp
c:\programdata\Premium\ZoomEx\run67E8.tmp
c:\programdata\Premium\ZoomEx\run6C50.tmp
c:\programdata\Premium\ZoomEx\run6EAD.tmp
c:\programdata\Premium\ZoomEx\run7D6B.tmp
c:\programdata\Premium\ZoomEx\run7DA7.tmp
c:\programdata\Premium\ZoomEx\run81F2.tmp
c:\programdata\Premium\ZoomEx\run843F.tmp
c:\programdata\Premium\ZoomEx\run8443.tmp
c:\programdata\Premium\ZoomEx\run95D8.tmp
c:\programdata\Premium\ZoomEx\run9756.tmp
c:\programdata\Premium\ZoomEx\run99B6.tmp
c:\programdata\Premium\ZoomEx\run99C2.tmp
c:\programdata\Premium\ZoomEx\run9D8D.tmp
c:\programdata\Premium\ZoomEx\runA208.tmp
c:\programdata\Premium\ZoomEx\runA544.tmp
c:\programdata\Premium\ZoomEx\runA8BF.tmp
c:\programdata\Premium\ZoomEx\runA989.tmp
c:\programdata\Premium\ZoomEx\runACE8.tmp
c:\programdata\Premium\ZoomEx\runB203.tmp
c:\programdata\Premium\ZoomEx\runB838.tmp
c:\programdata\Premium\ZoomEx\runC24C.tmp
c:\programdata\Premium\ZoomEx\runD7EE.tmp
c:\programdata\Premium\ZoomEx\runE5C6.tmp
c:\programdata\Premium\ZoomEx\runE6A6.tmp
c:\programdata\Premium\ZoomEx\runED71.tmp
c:\programdata\Premium\ZoomEx\runF3B2.tmp
c:\programdata\Premium\ZoomEx\runFB58.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-08 do 2013-03-08 )))))))))))))))))))))))))))))))
.
.
2013-03-08 10:26 . 2013-03-08 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-08 01:47 . 2013-02-28 08:36 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-08 01:47 . 2013-02-28 08:36 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-08 01:47 . 2013-02-28 08:36 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-08 01:47 . 2013-02-28 08:36 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-08 01:47 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-08 01:47 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-08 01:47 . 2013-02-28 08:36 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-08 01:46 . 2013-02-28 08:36 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-08 01:46 . 2013-02-28 08:35 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-07 16:06 . 2013-02-28 08:36 41664 ----a-w- c:\windows\avastSS.scr
2013-03-07 16:05 . 2013-03-07 16:05 -------- d-----w- c:\program files\AVAST Software
2013-03-07 16:05 . 2013-03-08 01:46 -------- d-----w- c:\programdata\AVAST Software
2013-03-05 19:26 . 2013-03-05 19:26 -------- d-----w- c:\users\Hany\AppData\Local\GHISLER
2013-03-05 19:26 . 2013-03-06 16:36 -------- d-----w- c:\users\Hany\AppData\Roaming\GHISLER
2013-03-05 19:26 . 2013-03-05 19:26 -------- d-----w- C:\totalcmd
2013-03-05 02:12 . 2013-03-05 02:15 -------- d-----w- c:\programdata\Protexis64
2013-03-05 02:11 . 2013-03-05 02:12 -------- d-----w- c:\users\Hany\AppData\Roaming\Corel
2013-03-05 02:06 . 2013-03-05 02:06 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2013-03-05 02:06 . 2013-03-05 02:06 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-03-05 02:05 . 2013-03-05 02:05 -------- d-----w- c:\program files\Common Files\Corel
2013-03-05 02:04 . 2013-03-05 02:04 -------- d-----w- c:\program files\Common Files\Protexis
2013-03-05 02:04 . 2013-03-05 02:04 -------- d-----w- c:\programdata\Corel
2013-03-02 00:03 . 2013-03-02 00:05 -------- d-----w- c:\users\Hany\AppData\Local\Facebook
2013-02-25 16:44 . 2013-02-25 16:44 -------- d-----w- c:\users\Hany\AppData\Local\SKIDROW
2013-02-25 16:33 . 2013-02-25 16:33 -------- d-----w- c:\users\Hany\AppData\Roaming\SpeedyPC Software
2013-02-25 16:33 . 2013-02-25 16:33 -------- d-----w- c:\users\Hany\AppData\Roaming\DriverCure
2013-02-25 16:32 . 2013-02-25 16:36 -------- d-----w- c:\programdata\SpeedyPC Software
2013-02-21 20:23 . 2013-02-21 20:26 -------- d-----w- c:\users\Hany\AppData\Roaming\Red Alert 3
2013-02-21 19:55 . 2013-03-08 10:11 -------- d-----w- c:\users\Hany\AppData\Local\LogMeIn Hamachi
2013-02-21 18:28 . 2013-02-21 18:28 -------- d-----w- c:\programdata\Age of Empires 3
2013-02-20 12:44 . 2013-02-20 12:44 -------- d-----w- c:\users\Hany\AppData\Roaming\Ubisoft
2013-02-19 13:58 . 2013-02-19 13:58 -------- d-----w- c:\users\Hany\AppData\Roaming\IonFx
2013-02-19 13:53 . 2013-02-19 13:53 -------- d-----w- C:\GOG Games
2013-02-18 19:43 . 2013-02-18 19:43 -------- d-----w- c:\users\Hany\AppData\Roaming\TuneUp Software
2013-02-18 19:43 . 2013-02-18 19:43 -------- d-----w- c:\programdata\TuneUp Software
2013-02-18 19:43 . 2013-02-18 19:43 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-18 19:43 . 2013-02-18 19:43 -------- d--h--w- c:\programdata\Common Files
2013-02-18 19:42 . 2013-03-01 22:50 -------- d-----w- c:\users\Hany\AppData\Roaming\Xfire
2013-02-18 19:42 . 2013-02-28 17:18 -------- d-----w- c:\programdata\Xfire
2013-02-18 19:42 . 2013-02-18 19:42 -------- d-----w- c:\users\Hany\AppData\Roaming\OpenCandy
2013-02-18 01:29 . 2013-02-18 01:29 -------- d-----w- c:\programdata\Sony
2013-02-18 01:29 . 2013-02-18 01:29 -------- d-----w- c:\program files (x86)\Sony
2013-02-17 21:39 . 2013-03-05 10:21 -------- d-----w- c:\users\Hany\AppData\Roaming\mIRC
2013-02-17 21:38 . 2013-02-17 21:38 -------- d-----w- c:\windows\system32\appmgmt
2013-02-17 11:54 . 2013-02-17 11:57 -------- d-----w- c:\users\Hany\AppData\Local\Nokia
2013-02-17 11:54 . 2013-02-17 11:59 -------- d-----w- c:\users\Hany\AppData\Roaming\PC Suite
2013-02-17 11:54 . 2013-02-17 11:54 -------- d-----w- c:\programdata\PC Suite
2013-02-17 11:54 . 2013-02-17 21:37 -------- d-----w- c:\programdata\Nokia
2013-02-17 11:53 . 2013-02-17 11:53 -------- d-----w- c:\program files\DIFX
2013-02-17 11:53 . 2012-10-17 12:53 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2013-02-17 11:53 . 2013-02-17 11:53 -------- dc----w- c:\windows\system32\DRVSTORE
2013-02-17 11:53 . 2013-02-17 11:53 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2013-02-17 11:53 . 2012-11-09 14:33 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
2013-02-17 11:51 . 2013-02-17 21:38 -------- d-----w- c:\program files (x86)\Nokia
2013-02-13 00:26 . 2013-02-13 00:26 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
2013-02-13 00:26 . 2013-02-13 00:26 28544 ----a-w- c:\windows\system32\xfcodec64.dll
2013-02-07 18:24 . 2010-04-01 13:11 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2013-02-07 18:24 . 2009-10-09 23:45 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2013-02-07 18:24 . 2009-03-03 00:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2013-02-07 18:24 . 2011-03-17 02:14 4642816 ----a-w- c:\windows\system32\stlang64.dll
2013-02-07 18:24 . 2011-03-17 02:14 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2013-02-07 18:24 . 2011-03-17 02:14 1128448 ----a-w- c:\windows\sttray64.exe
2013-02-07 18:24 . 2011-03-17 02:14 521728 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2013-02-07 18:24 . 2011-03-17 02:14 220160 ----a-w- c:\windows\system32\staco64.dll
2013-02-07 18:24 . 2011-03-17 02:14 652288 ------w- c:\windows\system32\stapi64.dll
2013-02-07 18:24 . 2011-03-17 02:14 431616 ----a-w- c:\windows\system32\stcplx64.dll
2013-02-07 18:24 . 2011-03-17 02:14 1500672 ----a-w- c:\windows\system32\stapo64.dll
2013-02-07 18:23 . 2013-02-07 18:25 -------- d-----w- c:\program files\IDT
2013-02-07 17:02 . 2013-02-07 17:02 -------- d-sh--w- c:\windows\ftpcache
2013-02-07 15:45 . 2013-02-07 15:45 -------- d-----w- c:\windows\SysWow64\sda
2013-02-07 15:44 . 2011-03-24 15:20 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2013-02-07 15:44 . 2011-03-24 15:20 337512 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2013-02-07 03:27 . 2013-03-05 19:57 -------- d-----w- c:\users\Hany\AppData\Local\PokerStars
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-05 22:16 . 2013-01-14 11:22 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-03-05 22:16 . 2013-01-14 01:32 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-03-05 22:16 . 2013-01-14 01:32 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-02-27 12:46 . 2013-01-13 21:56 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 12:46 . 2013-01-13 21:56 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-19 12:36 . 2013-01-14 01:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-01-29 12:37 . 2013-01-14 14:52 1361200 ----a-w- c:\windows\system32\dmwu.exe
2013-01-29 12:36 . 2013-01-14 14:52 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-25 01:28 . 2013-01-25 01:29 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-25 01:28 . 2013-01-25 01:29 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-25 01:28 . 2013-01-25 01:29 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-14 14:52 . 2013-01-14 14:52 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-13 21:22 . 2013-01-13 21:22 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2013-01-13 21:22 . 2013-01-13 21:22 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2013-01-13 21:22 . 2013-01-13 21:22 3561472 ----a-w- c:\windows\system32\bcmihvui64.dll
2013-01-13 21:22 . 2013-01-13 21:22 3896832 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2013-01-13 21:22 . 2013-01-13 21:22 3065408 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{32F4FC08-DA92-A554-668C-9ED8E2EBD96D}]
2013-01-16 07:21 118784 ----a-w- c:\programdata\Zoomex\50f654f747867.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:30 170840 ----a-w- c:\program files\IB Updater\Extension32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Hany\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-02 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="d:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 361984]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
R2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2013-01-29 188760]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-01-29 1361200]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 2375168]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-24 337512]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-14 283200]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 12:46]
.
2013-03-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-08 08:36]
.
2013-03-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2852072678-3238734256-4077257036-1000Core.job
- c:\users\Hany\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-02 00:03]
.
2013-03-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2852072678-3238734256-4077257036-1000UA.job
- c:\users\Hany\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-02 00:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://searchab.com/?aff=7&uid=818d5f20-5ea5-11e2-9517-e02a82d4e401
mStart Page = hxxp://searchab.com/?aff=7&uid=818d5f20-5ea5-11e2-9517-e02a82d4e401
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hany\AppData\Roaming\Mozilla\Firefox\Profiles\pjcz9dj6.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.google.com/search?ie=UTF-8&o ... =navclient& gfns=1&q=
FF - prefs.js: keyword.URL - http://www.google.com/search?ie=UTF-8&o ... =navclient& gfns=1&q=
FF - ExtSQL: 2013-01-14 15:53; ffxtlbr@incredibar.com; c:\users\Hany\AppData\Roaming\Mozilla\Firefox\Profiles\pjcz9dj6.default\extensions\ffxtlbr@incredibar.com
FF - ExtSQL: 2013-01-16 08:21; 50f654f7476d7@50f654f747710.com; c:\users\Hany\AppData\Roaming\Mozilla\Firefox\Profiles\pjcz9dj6.default\extensions\50f654f7476d7@50f654f747710.com
FF - ExtSQL: 2013-03-03 18:49; {FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}; c:\program files\IB Updater\Firefox
FF - ExtSQL: 2013-03-08 02:46; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQVMRnlbF&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 266e506b000000000000e02a82f93687
FF - user.js: extensions.incredibar_i.instlDay - 15719
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:53
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQVMRnlbF
FF - user.js: extensions.incredibar_i.upn2n - 92544270998446847
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-03-08 11:28:33
ComboFix-quarantined-files.txt 2013-03-08 10:28
.
Před spuštěním: Volných bajtů: 47 928 029 184
Po spuštění: Volných bajtů: 48 679 030 784
.
- - End Of File - - DA5F08B2AF11374EB1FA18EDC30D7036



RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hany at 2013-03-08 11:48:10
Microsoft Windows 7 Ultimate
System drive C: has 47 GB (62%) free of 75 GB
Total RAM: 3835 MB (79% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
"D:\Program Files (x86)\Xfire\Xfire.exe"
"D:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 1672
"D:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 1672
"C:\Users\Hany\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\avast! Emergency Update.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2852072678-3238734256-4077257036-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2852072678-3238734256-4077257036-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Hany\AppData\Roaming\Mozilla\Firefox\Profiles\pjcz9dj6.default

prefs.js - "browser.startup.homepage" - "www.google.com/search?ie=UTF-8&oe=UTF-8 ... =navclient& gfns=1&q= "
prefs.js - "keyword.URL" - "www.google.com/search?ie=UTF-8&oe=UTF-8 ... =navclient& gfns=1&q= "

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\IB Updater\Firefox
"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"=C:\Program Files\IB Updater\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.171 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.11.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Hany\AppData\Roaming\Mozilla\Firefox\Profiles\pjcz9dj6.default\extensions\
50f654f7476d7@50f654f747710.com
ffxtlbr@incredibar.com

C:\Users\Hany\AppData\Roaming\Mozilla\Firefox\Profiles\pjcz9dj6.default\searchplugins\
MyStart Search.xml
Searchab.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-02-28 1497560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32F4FC08-DA92-A554-668C-9ED8E2EBD96D}]
Zoomex - C:\ProgramData\Zoomex\50f654f747867.dll [2013-01-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
IB Updater - C:\Program Files\IB Updater\Extension32.dll [2013-01-29 170840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
Incredibar.com Helper Object - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-25 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-02-28 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-25 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-02-28 1497560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-02-28 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-03-17 1128448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Hany\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-02 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files (x86)\Origin\Origin.exe [2013-02-07 3494992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2012-03-09 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2013-01-07 446648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 190536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
D:\PROGRA~3\GAMEPA~1\gpcl.exe [2011-07-29 442880]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-09 636032]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"LogMeIn Hamachi Ui"=D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-14 2255360]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-02-28 4767304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-03-08 11:48:10 ----D---- C:\rsit
2013-03-08 11:48:10 ----D---- C:\Program Files\trend micro
2013-03-08 11:28:35 ----D---- C:\Windows\temp
2013-03-08 11:28:34 ----A---- C:\ComboFix.txt
2013-03-08 11:20:17 ----A---- C:\Windows\zip.exe
2013-03-08 11:20:17 ----A---- C:\Windows\SWSC.exe
2013-03-08 11:20:17 ----A---- C:\Windows\SWREG.exe
2013-03-08 11:20:17 ----A---- C:\Windows\sed.exe
2013-03-08 11:20:17 ----A---- C:\Windows\PEV.exe
2013-03-08 11:20:17 ----A---- C:\Windows\NIRCMD.exe
2013-03-08 11:20:17 ----A---- C:\Windows\MBR.exe
2013-03-08 11:20:17 ----A---- C:\Windows\grep.exe
2013-03-08 11:20:10 ----D---- C:\Qoobox
2013-03-08 11:19:53 ----D---- C:\Windows\erdnt
2013-03-08 02:47:03 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-03-08 02:47:03 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-03-08 02:47:01 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-03-08 02:47:01 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-03-08 02:47:00 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-03-08 02:47:00 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-03-08 02:47:00 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-03-08 02:46:54 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-03-08 02:46:53 ----A---- C:\Windows\system32\aswBoot.exe
2013-03-08 02:44:35 ----A---- C:\Windows\ntbtlog.txt
2013-03-07 17:06:13 ----A---- C:\Windows\avastSS.scr
2013-03-07 17:05:56 ----D---- C:\Program Files\AVAST Software
2013-03-07 17:05:15 ----D---- C:\ProgramData\AVAST Software
2013-03-05 20:26:10 ----D---- C:\Users\Hany\AppData\Roaming\GHISLER
2013-03-05 20:26:10 ----D---- C:\totalcmd
2013-03-05 03:12:22 ----D---- C:\ProgramData\Protexis64
2013-03-05 03:11:00 ----D---- C:\Users\Hany\AppData\Roaming\Corel
2013-03-05 03:06:26 ----D---- C:\Program Files (x86)\Microsoft SDKs
2013-03-05 03:06:25 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-03-05 03:05:23 ----D---- C:\Program Files\Common Files\Corel
2013-03-05 03:04:52 ----D---- C:\Program Files\Common Files\Protexis
2013-03-05 03:04:50 ----D---- C:\ProgramData\Corel
2013-03-05 02:58:57 ----D---- C:\ProgramData\CorelDRAW Graphics Suite X6
2013-02-25 17:33:11 ----D---- C:\Users\Hany\AppData\Roaming\SpeedyPC Software
2013-02-25 17:33:11 ----D---- C:\Users\Hany\AppData\Roaming\DriverCure
2013-02-25 17:32:56 ----D---- C:\ProgramData\SpeedyPC Software
2013-02-21 21:23:46 ----D---- C:\Users\Hany\AppData\Roaming\Red Alert 3
2013-02-21 19:28:29 ----D---- C:\ProgramData\Age of Empires 3
2013-02-21 00:45:34 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-02-20 13:44:41 ----D---- C:\Users\Hany\AppData\Roaming\Ubisoft
2013-02-19 14:58:46 ----D---- C:\Users\Hany\AppData\Roaming\IonFx
2013-02-19 14:53:34 ----D---- C:\GOG Games
2013-02-18 20:43:33 ----D---- C:\Users\Hany\AppData\Roaming\TuneUp Software
2013-02-18 20:43:27 ----D---- C:\ProgramData\TuneUp Software
2013-02-18 20:43:23 ----SHD---- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-18 20:43:23 ----HD---- C:\ProgramData\Common Files
2013-02-18 20:42:51 ----D---- C:\Users\Hany\AppData\Roaming\Xfire
2013-02-18 20:42:47 ----D---- C:\ProgramData\Xfire
2013-02-18 20:42:44 ----D---- C:\Users\Hany\AppData\Roaming\OpenCandy
2013-02-18 02:29:31 ----D---- C:\ProgramData\Sony
2013-02-18 02:29:31 ----D---- C:\Program Files (x86)\Sony
2013-02-17 22:39:33 ----D---- C:\Users\Hany\AppData\Roaming\mIRC
2013-02-17 22:38:50 ----D---- C:\Windows\system32\appmgmt
2013-02-17 12:54:46 ----D---- C:\Users\Hany\AppData\Roaming\PC Suite
2013-02-17 12:54:44 ----D---- C:\ProgramData\PC Suite
2013-02-17 12:54:19 ----D---- C:\ProgramData\Nokia
2013-02-17 12:53:52 ----D---- C:\Program Files\DIFX
2013-02-17 12:53:51 ----A---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2013-02-17 12:53:50 ----DC---- C:\Windows\system32\DRVSTORE
2013-02-17 12:53:45 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2013-02-17 12:53:24 ----A---- C:\Windows\system32\nmwcdclsX64.dll
2013-02-17 12:51:52 ----D---- C:\ProgramData\NokiaInstallerCache
2013-02-17 12:51:52 ----D---- C:\Program Files (x86)\Nokia
2013-02-13 01:26:34 ----A---- C:\Windows\SYSWOW64\xfcodec.dll
2013-02-13 01:26:34 ----A---- C:\Windows\system32\xfcodec64.dll

======List of files/folders modified in the last 1 month======

2013-03-08 11:48:10 ----RD---- C:\Program Files
2013-03-08 11:33:16 ----D---- C:\Windows\System32
2013-03-08 11:33:16 ----D---- C:\Windows\inf
2013-03-08 11:33:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-08 11:28:36 ----D---- C:\Windows\system32\drivers
2013-03-08 11:28:35 ----D---- C:\Windows
2013-03-08 11:26:39 ----A---- C:\Windows\system.ini
2013-03-08 11:26:34 ----D---- C:\Windows\system32\drivers\etc
2013-03-08 11:26:00 ----RD---- C:\Program Files (x86)
2013-03-08 11:23:57 ----D---- C:\Windows\SYSWOW64\drivers
2013-03-08 11:23:57 ----D---- C:\Windows\SysWOW64
2013-03-08 11:23:57 ----D---- C:\Windows\AppPatch
2013-03-08 11:23:56 ----D---- C:\Program Files (x86)\Common Files
2013-03-08 11:17:41 ----D---- C:\Windows\Prefetch
2013-03-08 06:33:48 ----D---- C:\Windows\system32\config
2013-03-08 03:05:16 ----D---- C:\Program Files (x86)\ZoomEx
2013-03-08 02:48:35 ----D---- C:\Windows\Tasks
2013-03-08 02:48:35 ----D---- C:\Windows\system32\Tasks
2013-03-07 17:22:50 ----D---- C:\Windows\system32\wdi
2013-03-07 17:05:48 ----SHD---- C:\System Volume Information
2013-03-07 17:05:15 ----D---- C:\ProgramData
2013-03-07 14:25:42 ----D---- C:\Users\Hany\AppData\Roaming\vlc
2013-03-06 17:31:46 ----D---- C:\Users\Hany\AppData\Roaming\uTorrent
2013-03-05 23:16:51 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-03-05 20:57:06 ----D---- C:\Program Files (x86)\CS Poker
2013-03-05 04:02:58 ----RSD---- C:\Windows\assembly
2013-03-05 04:02:58 ----D---- C:\Windows\Microsoft.NET
2013-03-05 03:09:20 ----SHD---- C:\Windows\Installer
2013-03-05 03:09:03 ----D---- C:\ProgramData\Microsoft Help
2013-03-05 03:08:15 ----SD---- C:\Users\Hany\AppData\Roaming\Microsoft
2013-03-05 03:08:15 ----SD---- C:\ProgramData\Microsoft
2013-03-05 03:05:56 ----D---- C:\Windows\winsxs
2013-03-05 03:05:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-03-05 03:05:23 ----D---- C:\Program Files\Common Files
2013-03-05 03:02:27 ----RSD---- C:\Windows\Fonts
2013-03-03 18:49:21 ----D---- C:\Program Files\IB Updater
2013-02-27 13:46:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-02-22 01:30:57 ----D---- C:\Users\Hany\AppData\Roaming\TS3Client
2013-02-21 21:56:10 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-21 18:53:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-02-19 15:08:11 ----D---- C:\ProgramData\Adobe
2013-02-19 15:05:16 ----D---- C:\Windows\system32\catroot
2013-02-19 13:36:03 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2013-02-18 20:04:28 ----A---- C:\Windows\game.ini
2013-02-18 02:31:19 ----D---- C:\Windows\system32\DriverStore
2013-02-18 02:31:11 ----D---- C:\Windows\system32\catroot2
2013-02-17 12:58:26 ----D---- C:\Windows\system32\drivers\UMDF
2013-02-16 19:55:50 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-02-28 65408]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-02-28 177672]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-14 283200]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 26440]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-02-28 71064]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-02-28 1025880]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-02-28 377992]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-02-28 68992]
S1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
S1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-02-28 33472]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-03-29 10859040]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-03-29 329760]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2013-01-13 3065408]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-03-24 337512]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-03-17 521728]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 36936]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 16200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
S2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 361984]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-02-28 45248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
S2 IB Updater;IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2013-01-29 188760]
S2 IBUpdaterService;IBUpdaterService; C:\Windows\system32\dmwu.exe [2013-01-29 1361200]
S2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 2375168]
S2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-02-19 76888]
S2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2013-03-05 214520]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2011-03-17 297984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 251248]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-21 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-03-09 235520]

-----------------EOF-----------------


moc díky

[vyosek]

Zdravim

Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"


Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

[CP5_]

snažil jsem se o co nejvíc informací a jelikož http://forum.viry.cz/viewtopic.php?f=13&t=99450&start=0 jsem se snažil řídit tímto postupem tak je tam hned doporučeno udělat kombo. Přiznám na rovinu že licenční ujednání nečtu... Mám tedy přeinstalovat Widle a nesnažit se o zálohu? ještě jednou se omlouvám

[vyosek]

A muzu vedet, proc nectete licencni ujednani?? Takze kdyz Vam poslu programek, dam si tam licencni ujednani a zahrnu do nich ze mi poslete na ucet 5000, tak je pak muzu po Vas klidne vymahat - souhlasil jste s nimi...

Jeste se zeptam, na tu nejvyssi licenci WIndows Ultimate mate zakoupeny klic nebo nekde stahnuty z nebo a cracknute, neboli, jsou ty windows legalni??

[CP5_]

A jéjé zase se našel jeden pán chytrej, kterej si vše čte a vše běží koupit takže, když vy instalujete jakýkoliv program, tak si čtete 5x A4 apod. ? Navíc i kdybych si to přečetl, tak si program nainstaluju. To je asi jako když si jdu koupit multimetr a je v manuálu napsáno, že s ním má zacházet jen elektrikáři Ale hádám, že vy jste ten typ člověka co má podmínky za písmo svaté a poslouchá slovo od slova. To je mi pal líto takovejch lidí.... a JÁ to aspon dokázal přiznat, že jsem to nečetl.... to vy jste zajisté pán dokonalý.

[vyosek]

A jeje, zas jeden chytrejsi nez vsichni okolo a warez nejlepsi pritel ze...

A cloveku s timto arogantnim chovanim opravdu nemam chut venovat svuj volny cas abych mu pomohl...


Podminky fora jsou zcela jasne, porusujete je, my tu pomoc muzeme, ne musime a ja vam pomoci odmitnutam

[CP5_]

Zajímavé, že jste ani na jednu otázku neodpověděl ano jistě abyste věděl tak PSko mam taky flešlé a můžu si do něj stáhnout co chci.... winy mám , že když to chce key tak tám jen další... a notas mam od lidí co vykrádají tiráky.. sice s francouskou klávesnicí ale zato s 80% cenou. Také kde by v česku na to student měl brát peníze nemyslíte? Čímž netvrdím, že kdybych peníze měl tak bych si předražené origo koupil. Prostě jsem člověk co na to neni. Řikáte, že já jsem arogantní ale jsem arogantní jen když se ke mě někdo arogantně chová. Ihned jste na mě zautočil a nazýval se GURU bohem a já, že ani neumím zapnout pc, přitom combo moderátoři radí v 90% případů a dělají bůhví co z toho, že mi vyčtete že mám ZoomEX a incredibar.

[vyosek]

Ano, CF radci pouzivaji, jelikoz s nim umi a v pripade problemu uzivatele navedou k naprave ci opravnemu postupu

Ja se jen ptal, jestli s CF umite, abych vedel s kym jednam a jestli je pak nutne psat podrobne postupy nebo jen treba poradit ci nasmerovat co je treba opravit. CF dale dela nekolik ukonu na pozadi, aniz by o nich dal vedet v logu, ne jen ze smaze IncrediBar jak se da vycist v logu

Ano, ja licencni podminky ctu...Nenazyvam se tu GURU bohem, ale nekym, kdo ve svem volnem case a zdarma se snazi pomoci a myslim ze stovky spokojenych uzivatelu jsou toho jasnym dukazem.

btw, jsem tez studentem a nedela mi problem koupit si aspon ty zakladni veci jako je windows, office a bezpecnosti program

Timto bych to uzavrel, pokud k tomu pripadne jeste neco vecneho mate, tak via mail.

[Pavuk29]

Vyosek, mas trpezlivost. Ja by som uz topic lockol a operativne pouzil carovne tlacitko so zltym ovocim.