Please check my log - occasional BSOD
Posted: 06 Mar 2014 15:29
Please check my log,
occasional BSOD, reinstalled graphics and chipset drivers, memtest without errors.
Log from ComboFix.
Also from RSIT.
and the attached minidump and HD Tune.png
Thank you
ComboFix 14-03-05.01 - Bluf 06.03.2014 15:11:03.9.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.3018 [GMT 1:00]
Spuštěný z: c:\users\Bluf\Desktop\viry.cz\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bluf\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Legacy_NPF
-------\Service_NEWDRIVER
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-06 do 2014-03-06 )))))))))))))))))))))))))))))))
.
.
2014-03-06 14:17 . 2014-03-06 14:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-06 14:17 . 2014-03-06 14:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-06 13:57 . 2009-08-24 05:55 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2014-03-06 13:35 . 2014-03-06 13:37 -------- d-----w- c:\program files\WhoCrashed
2014-03-06 11:54 . 2014-03-06 11:54 -------- d-----w- c:\users\Bluf\AppData\Roaming\{0b272c86-71d6-4103-8cc3-da900127ce70}
2014-03-05 08:28 . 2014-03-05 08:28 82816 ----a-w- c:\users\Bluf\AppData\Roaming\pcouffin.sys
2014-03-04 09:35 . 2014-03-04 09:35 -------- d-----w- c:\users\Bluf\AppData\Roaming\dvdcss
2014-03-04 09:35 . 2014-03-04 09:35 -------- d-----w- c:\users\Bluf\AppData\Roaming\All Free DVD to AVI Converter
2014-03-04 09:34 . 2014-03-04 09:34 -------- d-----w- c:\program files (x86)\All Free DVD to AVI Converter
2014-03-04 09:04 . 2014-03-04 09:05 -------- d-----w- c:\users\Bluf\AppData\Roaming\tiger-k
2014-03-04 09:04 . 2014-03-04 09:04 -------- d-----w- c:\users\Bluf\AppData\Roaming\Leawo
2014-03-04 09:04 . 2014-03-04 09:04 -------- d-----w- c:\programdata\Leawo
2014-03-02 23:27 . 2014-03-02 23:27 -------- d-----w- c:\program files (x86)\Geeks3D
2014-03-02 21:48 . 2014-03-02 21:48 -------- d-----w- c:\programdata\ATI
2014-03-02 21:47 . 2014-03-02 21:47 -------- d-----w- c:\program files (x86)\AMD AVT
2014-03-02 21:47 . 2014-03-02 21:47 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-03-02 21:43 . 2014-03-02 21:43 -------- d-----w- c:\program files (x86)\ATI Technologies
2014-03-02 21:38 . 2014-03-02 21:38 -------- d-----w- c:\program files\ATI
2014-03-02 21:37 . 2014-03-02 21:46 -------- d-----w- c:\program files\ATI Technologies
2014-03-02 21:21 . 2014-03-02 21:21 -------- d-----w- c:\program files\AMD
2014-03-02 20:49 . 2014-03-02 20:49 -------- d-----w- c:\users\Bluf\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2014-03-02 20:40 . 2014-03-02 20:40 -------- d-----w- c:\users\Bluf\AppData\Roaming\library_dir
2014-03-02 20:35 . 2014-03-02 20:35 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-03-02 20:28 . 2014-03-02 20:35 -------- d-----w- c:\programdata\Package Cache
2014-03-02 18:55 . 2014-03-05 08:10 -------- d-----w- c:\program files\Core Temp
2014-03-02 18:53 . 2014-03-02 18:53 -------- d-----w- c:\programdata\APN
2014-02-18 18:34 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33805378-6E7E-4AD4-BE7A-113C5E791AEB}\mpengine.dll
2014-02-14 18:49 . 2014-02-14 21:34 -------- d-----w- C:\LFS
2014-02-12 12:18 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 12:18 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 06:51 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-08 03:18 . 2014-02-08 03:31 -------- d-----w- c:\program files (x86)\Race Driver GRID
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-06 01:08 . 2012-12-27 11:09 14848 ----a-w- c:\windows\system32\slwga.dll
2014-03-06 01:08 . 2012-12-27 11:11 1008640 ----a-w- c:\windows\system32\user32.dll
2014-03-06 01:08 . 2012-12-27 11:10 419840 ----a-w- c:\windows\system32\systemcpl.dll
2014-03-06 01:08 . 2012-12-27 11:09 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2014-03-06 01:08 . 2012-12-27 11:11 833024 ----a-w- c:\windows\SysWow64\user32.dll
2014-02-16 21:16 . 2012-12-26 12:22 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-03 07:30 . 2014-01-06 18:42 123066 ----a-w- c:\windows\SysWow64\PGPlspRollback.reg
2014-01-14 23:09 . 2014-01-14 23:09 40960 ----a-w- c:\windows\SysWow64\nwsftUninstall.exe
2014-01-06 21:55 . 2014-01-06 21:55 0 ----a-w- c:\windows\SysWow64\FAP18A1.tmp
2014-01-06 21:54 . 2014-01-06 21:54 0 ----a-w- c:\windows\SysWow64\FAP72DE.tmp
2014-01-06 21:54 . 2014-01-06 21:54 0 ----a-w- c:\windows\SysWow64\FAP702C.tmp
2014-01-06 21:54 . 2014-01-06 21:54 0 ----a-w- c:\windows\SysWow64\FAP701A.tmp
2014-01-06 21:43 . 2014-01-06 21:43 0 ----a-w- c:\windows\SysWow64\FAPF80A.tmp
2014-01-06 21:43 . 2014-01-06 21:43 0 ----a-w- c:\windows\SysWow64\FAPF172.tmp
2014-01-06 21:43 . 2014-01-06 21:43 0 ----a-w- c:\windows\SysWow64\FAPF057.tmp
2014-01-06 21:43 . 2014-01-06 21:43 0 ----a-w- c:\windows\SysWow64\FAPEFB8.tmp
2014-01-06 21:43 . 2014-01-06 21:43 0 ----a-w- c:\windows\SysWow64\FAPEF57.tmp
2014-01-06 21:43 . 2014-01-06 21:43 0 ----a-w- c:\windows\SysWow64\FAPB409.tmp
2014-01-06 21:43 . 2014-01-06 21:43 0 ----a-w- c:\windows\SysWow64\FAPB119.tmp
2014-01-06 21:29 . 2014-01-06 21:29 0 ----a-w- c:\windows\SysWow64\FAPDF09.tmp
2014-01-06 21:21 . 2014-01-06 21:21 0 ----a-w- c:\windows\SysWow64\FAP60C2.tmp
2014-01-06 21:10 . 2014-01-06 21:10 0 ----a-w- c:\windows\SysWow64\FAP2B5D.tmp
2014-01-06 21:08 . 2014-01-06 21:08 0 ----a-w- c:\windows\SysWow64\FAP602F.tmp
2014-01-06 21:08 . 2014-01-06 21:08 0 ----a-w- c:\windows\SysWow64\FAP5BBA.tmp
2014-01-06 21:08 . 2014-01-06 21:08 0 ----a-w- c:\windows\SysWow64\FAP55BE.tmp
2014-01-06 20:55 . 2014-01-06 20:55 0 ----a-w- c:\windows\SysWow64\FAP42B7.tmp
2014-01-06 20:55 . 2014-01-06 20:55 0 ----a-w- c:\windows\SysWow64\FAP4006.tmp
2014-01-06 20:55 . 2014-01-06 20:55 0 ----a-w- c:\windows\SysWow64\FAP6DA.tmp
2014-01-06 20:55 . 2014-01-06 20:55 0 ----a-w- c:\windows\SysWow64\FAP2B2.tmp
2014-01-06 20:48 . 2014-01-06 20:48 0 ----a-w- c:\windows\SysWow64\FAP2D67.tmp
2014-01-06 20:48 . 2014-01-06 20:48 0 ----a-w- c:\windows\SysWow64\FAP293F.tmp
2014-01-06 20:41 . 2014-01-06 20:41 0 ----a-w- c:\windows\SysWow64\FAPC211.tmp
2014-01-06 20:41 . 2014-01-06 20:41 0 ----a-w- c:\windows\SysWow64\FAP8F1C.tmp
2014-01-06 20:39 . 2014-01-06 20:39 0 ----a-w- c:\windows\SysWow64\FAP2B87.tmp
2014-01-06 20:39 . 2014-01-06 20:39 0 ----a-w- c:\windows\SysWow64\FAP19C8.tmp
2014-01-06 20:38 . 2014-01-06 20:38 0 ----a-w- c:\windows\SysWow64\FAPC752.tmp
2014-01-06 20:38 . 2014-01-06 20:38 0 ----a-w- c:\windows\SysWow64\FAP6F70.tmp
2014-01-06 20:34 . 2014-01-06 20:34 0 ----a-w- c:\windows\SysWow64\FAP1E03.tmp
2014-01-06 20:34 . 2014-01-06 20:34 0 ----a-w- c:\windows\SysWow64\FAP1BA0.tmp
2014-01-06 20:29 . 2014-01-06 20:29 0 ----a-w- c:\windows\SysWow64\FAP8C59.tmp
2014-01-06 20:29 . 2014-01-06 20:29 0 ----a-w- c:\windows\SysWow64\FAP7A1D.tmp
2014-01-06 20:25 . 2014-01-06 20:25 0 ----a-w- c:\windows\SysWow64\FAP1E06.tmp
2014-01-06 20:18 . 2014-01-06 20:18 0 ----a-w- c:\windows\SysWow64\FAP28AD.tmp
2014-01-06 20:18 . 2014-01-06 20:18 0 ----a-w- c:\windows\SysWow64\FAP15F5.tmp
2014-01-06 20:18 . 2014-01-06 20:18 0 ----a-w- c:\windows\SysWow64\FAPF1EE.tmp
2014-01-06 20:17 . 2014-01-06 20:17 0 ----a-w- c:\windows\SysWow64\FAPB624.tmp
2014-01-06 20:17 . 2014-01-06 20:17 0 ----a-w- c:\windows\SysWow64\FAP4362.tmp
2014-01-06 20:16 . 2014-01-06 20:16 0 ----a-w- c:\windows\SysWow64\FAP97C5.tmp
2014-01-06 20:16 . 2014-01-06 20:16 0 ----a-w- c:\windows\SysWow64\FAP261C.tmp
2014-01-06 20:16 . 2014-01-06 20:16 0 ----a-w- c:\windows\SysWow64\FAP25F9.tmp
2014-01-06 20:15 . 2014-01-06 20:15 0 ----a-w- c:\windows\SysWow64\FAPD70C.tmp
2014-01-06 20:15 . 2014-01-06 20:15 0 ----a-w- c:\windows\SysWow64\FAPD6FA.tmp
2014-01-06 20:15 . 2014-01-06 20:15 0 ----a-w- c:\windows\SysWow64\FAPB9F5.tmp
2014-01-06 20:15 . 2014-01-06 20:15 0 ----a-w- c:\windows\SysWow64\FAPB9D3.tmp
2014-01-06 20:10 . 2014-01-06 20:10 0 ----a-w- c:\windows\SysWow64\FAP49DE.tmp
2014-01-06 20:10 . 2014-01-06 20:10 0 ----a-w- c:\windows\SysWow64\FAP342A.tmp
2014-01-06 20:10 . 2014-01-06 20:10 0 ----a-w- c:\windows\SysWow64\FAP3417.tmp
2014-01-06 20:07 . 2014-01-06 20:07 0 ----a-w- c:\windows\SysWow64\FAP5808.tmp
2014-01-06 20:06 . 2014-01-06 20:06 0 ----a-w- c:\windows\SysWow64\FAP8368.tmp
2014-01-06 20:05 . 2014-01-06 20:05 0 ----a-w- c:\windows\SysWow64\FAPF8D3.tmp
2014-01-06 20:03 . 2014-01-06 20:03 0 ----a-w- c:\windows\SysWow64\FAPC36E.tmp
2014-01-06 20:03 . 2014-01-06 20:03 0 ----a-w- c:\windows\SysWow64\FAPC35B.tmp
2014-01-06 20:03 . 2014-01-06 20:03 0 ----a-w- c:\windows\SysWow64\FAPC339.tmp
2014-01-06 20:03 . 2014-01-06 20:03 0 ----a-w- c:\windows\SysWow64\FAPC327.tmp
2014-01-06 20:03 . 2014-01-06 20:03 0 ----a-w- c:\windows\SysWow64\FAPB889.tmp
2014-01-06 20:03 . 2014-01-06 20:03 0 ----a-w- c:\windows\SysWow64\FAPB867.tmp
2014-01-06 20:03 . 2014-01-06 20:03 0 ----a-w- c:\windows\SysWow64\FAPB845.tmp
2014-01-06 20:03 . 2014-01-06 20:03 0 ----a-w- c:\windows\SysWow64\FAPB813.tmp
2014-01-06 20:03 . 2014-01-06 20:03 0 ----a-w- c:\windows\SysWow64\FAPB571.tmp
2014-01-06 20:00 . 2014-01-06 20:00 0 ----a-w- c:\windows\SysWow64\FAPB7FD.tmp
2014-01-06 19:58 . 2014-01-06 19:58 0 ----a-w- c:\windows\SysWow64\FAP950F.tmp
2014-01-06 19:56 . 2014-01-06 19:56 0 ----a-w- c:\windows\SysWow64\FAP2E8D.tmp
2014-01-06 19:56 . 2014-01-06 19:56 0 ----a-w- c:\windows\SysWow64\FAP1668.tmp
2014-01-06 19:56 . 2014-01-06 19:56 0 ----a-w- c:\windows\SysWow64\FAPFC51.tmp
2014-01-06 19:55 . 2014-01-06 19:55 0 ----a-w- c:\windows\SysWow64\FAPA900.tmp
2014-01-06 19:55 . 2014-01-06 19:55 0 ----a-w- c:\windows\SysWow64\FAP7B49.tmp
2014-01-06 19:55 . 2014-01-06 19:55 0 ----a-w- c:\windows\SysWow64\FAP51C6.tmp
2014-01-06 19:55 . 2014-01-06 19:55 0 ----a-w- c:\windows\SysWow64\FAP2844.tmp
2014-01-06 19:54 . 2014-01-06 19:54 0 ----a-w- c:\windows\SysWow64\FAPB4C7.tmp
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-12-18 05:13 . 2012-12-23 11:07 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-14 14:14 . 2013-12-14 14:14 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-14 14:14 . 2013-12-14 14:14 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-14 14:14 . 2013-12-14 14:14 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-14 14:14 . 2013-12-14 14:14 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-14 14:14 . 2013-12-14 14:14 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-14 14:14 . 2013-12-14 14:14 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-14 14:14 . 2013-12-14 14:14 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-14 14:14 . 2013-12-14 14:14 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-14 14:14 . 2013-12-14 14:14 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-14 14:14 . 2013-12-14 14:14 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-14 14:14 . 2013-12-14 14:14 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-14 14:14 . 2013-12-14 14:14 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-14 14:14 . 2013-12-14 14:14 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-14 14:14 . 2013-12-14 14:14 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-14 14:14 . 2013-12-14 14:14 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-14 14:14 . 2013-12-14 14:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-14 14:14 . 2013-12-14 14:14 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-14 14:14 . 2013-12-14 14:14 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-14 14:14 . 2013-12-14 14:14 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\user32.dll
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-03-06 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2014-03-06 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Bluf\AppData\Roaming\uTorrent\utorrent.exe" [2013-10-10 393728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys;c:\windows\SYSNATIVE\drivers\ymidusbx64.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 Jula.sys;Service for Juli@ Audio Driver EWDM;c:\windows\system32\DRIVERS\Jula.sys;c:\windows\SYSNATIVE\DRIVERS\Jula.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 JulaWDM.sys;Service for Juli@ WDM;c:\windows\system32\DRIVERS\JulaWDM.sys;c:\windows\SYSNATIVE\DRIVERS\JulaWDM.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef33134a7491b.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 10:40]
.
2014-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef331361201fb.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 10:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 213.151.222.34 192.168.0.1
FF - ProfilePath - c:\users\Bluf\AppData\Roaming\Mozilla\Firefox\Profiles\sw7wvqxd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?tab=wm#inbox
FF - ExtSQL: !HIDDEN! 2013-05-28 15:13; hotfix@mozilla.org; c:\users\Bluf\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - c4027ad6000000000000002618f051ff
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15878
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.518:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - cs
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=180613_ndt5&tsp=4921
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
------- Asociace souborů -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Freenet - c:\users\Bluf\AppData\Local\Freenet\freenetuninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.032"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.abr"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ani"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.apd"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bay"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bmp"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bw"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cs1"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cur"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcx"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dib"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djv"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djvu"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.emf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.eps"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.erf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fff"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fpx"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.gif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.hdr"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icl"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icn"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iff"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ilbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.int"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.inta"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iw4"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2c"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2k"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jbr"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jfif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jp2"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpc"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpe"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpeg"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpg"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpk"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpx"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.lbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mef"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mos"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbr"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcd"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pct"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pcx"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pgm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pic"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pict"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pix"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.png"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ppm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
"Progid"="ACDSee 14.psd"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.psp"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspbrush"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspimage"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ras"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgb"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgba"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rle"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rsb"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rwl"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sgi"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.srw"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tga"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.thm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tiff"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ttc"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ttf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17o\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17o"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17p\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17p"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17pf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17pf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbmp"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wmf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xmp"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2014-03-06 15:25:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-06 14:25
ComboFix2.txt 2013-09-26 22:41
ComboFix3.txt 2013-08-26 12:13
ComboFix4.txt 2013-07-15 13:02
ComboFix5.txt 2014-03-06 14:10
.
Před spuštěním: Volných bajtů: 43 596 107 776
Po spuštění: Volných bajtů: 43 528 986 624
.
- - End Of File - - 254FE654C331F2D6F0A56BC8D22F89B6
A36C5E4F47E84449FF07ED3517B43A31
RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Bluf at 2014-03-06 15:34:13
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 42 GB (22%) free of 191 GB
Total RAM: 4095 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:34:15, on 6.3.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Users\Bluf\AppData\Roaming\uTorrent\utorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Bluf.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Bluf\AppData\Roaming\uTorrent\utorrent.exe"
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 4335 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"taskhost.exe"
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Users\Bluf\AppData\Roaming\uTorrent\utorrent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
notepad.exe "C:\Users\Bluf\AppData\Local\Temp\log.txt"
C:\Windows\explorer.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Users\Bluf\Desktop\viry.cz\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef33134a7491b.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cef331361201fb.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Bluf\AppData\Roaming\Mozilla\Firefox\Profiles\sw7wvqxd.default
prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "https://mail.google.com/mail/u/0/?tab=wm#inbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88]
"Description"=Sibelius Scorch Plugin
"Path"=C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\plugins\
NPSibelius.dll
PDFNetC.dll
ScorchAxPlugin.dll
ScorchPDFWrapper.dll
C:\Users\Bluf\AppData\Roaming\Mozilla\Firefox\Profiles\sw7wvqxd.default\extensions\
ffxtlbr@babylon.com
plugin2@gameplaylabs.com
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{e001c731-5e37-4538-a5cb-8168736a2360}
C:\Users\Bluf\AppData\Roaming\Mozilla\Firefox\Profiles\sw7wvqxd.default\searchplugins\
delta.xml
======Registry dump======
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\Bluf\AppData\Roaming\uTorrent\utorrent.exe [2013-10-10 393728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACSW14EN]
C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe /pid ACSW14EN []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACSW17EN]
C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [2013-09-25 1414984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32.EXE /S CTASIO.DLL []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioThk32Reg]
REGSVR32.EXE /S CTASIO.DLL []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-10-23 3108480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files (x86)\eMule\emule.exe [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JulaPAN.exe]
C:\Windows\system32\JulaPAN.exe [2013-01-18 493336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Bluf\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Bluf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-08-30 766208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bluf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Bluf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-01-03 33508336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bluf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Start Freenet.lnk]
C:\Users\Bluf\AppData\Local\Freenet\freenet.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRkrn]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRSVC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=0
"NoDevMgrUpdate"=0
"NoDeletePrinter"=0
"NoDFSTab"=0
"NoEncryptOnMove"=0
"NoRunasInstallPrompt"=0
"NoResolveSearch"=0
"NoResolveTrack"=0
"NoStartMenuSubFolders"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=0
"NoDevMgrUpdate"=0
"NoDeletePrinter"=0
"NoDFSTab"=0
"NoEncryptOnMove"=0
"NoRunasInstallPrompt"=0
"NoResolveSearch"=0
"NoResolveTrack"=0
"NoStartMenuSubFolders"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.FPS1"=frapsv64.dll
"midi3"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.ini - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
======List of files/folders created in the last 1 month======
2014-03-06 15:34:13 ----D---- C:\rsit
2014-03-06 15:34:13 ----D---- C:\Program Files\trend micro
2014-03-06 15:25:10 ----A---- C:\ComboFix.txt
2014-03-06 15:19:32 ----D---- C:\$RECYCLE.BIN
2014-03-06 15:17:30 ----D---- C:\Windows\temp
2014-03-06 14:57:40 ----A---- C:\Windows\system32\drivers\AtiPcie.sys
2014-03-06 14:57:25 ----A---- C:\Windows\Language_trs.ini
2014-03-06 14:35:13 ----D---- C:\Program Files\WhoCrashed
2014-03-06 12:54:12 ----D---- C:\Users\Bluf\AppData\Roaming\{0b272c86-71d6-4103-8cc3-da900127ce70}
2014-03-06 12:31:48 ----D---- C:\Config.Msi
2014-03-06 10:00:20 ----A---- C:\Windows\ntbtlog.txt
2014-03-05 09:28:51 ----A---- C:\Users\Bluf\AppData\Roaming\pcouffin.sys
2014-03-04 10:35:44 ----D---- C:\Users\Bluf\AppData\Roaming\dvdcss
2014-03-04 10:35:33 ----D---- C:\Users\Bluf\AppData\Roaming\All Free DVD to AVI Converter
2014-03-04 10:34:48 ----D---- C:\Program Files (x86)\All Free DVD to AVI Converter
2014-03-04 10:04:43 ----D---- C:\Users\Bluf\AppData\Roaming\tiger-k
2014-03-04 10:04:42 ----D---- C:\Users\Bluf\AppData\Roaming\Leawo
2014-03-04 10:04:42 ----D---- C:\ProgramData\Leawo
2014-03-03 00:27:11 ----D---- C:\Program Files (x86)\Geeks3D
2014-03-02 22:48:13 ----D---- C:\ProgramData\ATI
2014-03-02 22:47:39 ----D---- C:\Program Files (x86)\AMD AVT
2014-03-02 22:43:51 ----D---- C:\Program Files (x86)\ATI Technologies
2014-03-02 22:38:07 ----D---- C:\Program Files\ATI
2014-03-02 22:37:26 ----D---- C:\Program Files\ATI Technologies
2014-03-02 22:21:01 ----D---- C:\Program Files\AMD
2014-03-02 21:40:10 ----D---- C:\Users\Bluf\AppData\Roaming\library_dir
2014-03-02 21:35:43 ----D---- C:\Program Files\Common Files\ATI Technologies
2014-03-02 21:28:50 ----D---- C:\ProgramData\Package Cache
2014-03-02 19:55:17 ----D---- C:\Program Files\Core Temp
2014-03-02 19:53:39 ----D---- C:\ProgramData\APN
2014-02-14 19:49:00 ----D---- C:\LFS
2014-02-12 13:18:06 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-02-12 13:18:06 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 13:17:27 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-02-12 13:17:27 ----A---- C:\Windows\system32\msrating.dll
2014-02-12 13:17:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-02-12 13:17:26 ----A---- C:\Windows\system32\ieui.dll
2014-02-12 13:17:26 ----A---- C:\Windows\system32\iernonce.dll
2014-02-12 13:17:26 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 13:17:26 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-12 13:17:25 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-02-12 13:17:25 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-02-12 13:17:25 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-02-12 13:17:25 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-12 13:17:25 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-12 13:17:24 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-02-12 13:17:24 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-02-12 13:17:24 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-02-12 13:17:24 ----A---- C:\Windows\system32\mshtml.dll
2014-02-12 13:17:24 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-12 13:17:24 ----A---- C:\Windows\system32\iesetup.dll
2014-02-12 13:17:24 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-12 13:17:24 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-12 13:17:23 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-02-12 13:17:23 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-02-12 13:17:23 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-02-12 13:17:23 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-02-12 13:17:23 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-12 13:17:23 ----A---- C:\Windows\system32\iertutil.dll
2014-02-12 13:17:23 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-12 13:17:22 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-02-12 13:17:22 ----A---- C:\Windows\system32\wininet.dll
2014-02-12 13:17:22 ----A---- C:\Windows\system32\urlmon.dll
2014-02-12 13:17:22 ----A---- C:\Windows\system32\ieframe.dll
2014-02-12 13:17:21 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-02-12 13:17:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-02-12 13:17:20 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-02-12 13:17:20 ----A---- C:\Windows\system32\jscript9.dll
2014-02-12 07:51:52 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-02-12 07:51:52 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 07:51:51 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-02-12 07:51:51 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 07:51:41 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-02-12 07:51:41 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-02-12 07:51:41 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-02-12 07:51:41 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:51:41 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:51:41 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:51:41 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 07:51:34 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-02-12 07:51:34 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-02-12 07:51:34 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 07:51:34 ----A---- C:\Windows\system32\d2d1.dll
2014-02-08 04:18:21 ----D---- C:\Program Files (x86)\Race Driver GRID
======List of files/folders modified in the last 1 month======
2014-03-06 15:34:13 ----D---- C:\Program Files
2014-03-06 15:33:58 ----D---- C:\Users\Bluf\AppData\Roaming\uTorrent
2014-03-06 15:25:12 ----D---- C:\Windows\system32\drivers
2014-03-06 15:25:12 ----D---- C:\Qoobox
2014-03-06 15:19:33 ----D---- C:\Windows
2014-03-06 15:19:33 ----A---- C:\Windows\system.ini
2014-03-06 15:19:26 ----D---- C:\Windows\system32\drivers\etc
2014-03-06 15:17:52 ----D---- C:\Windows\system32\config
2014-03-06 15:17:34 ----D---- C:\Windows\erdnt
2014-03-06 15:17:07 ----D---- C:\Windows\Microsoft.NET
2014-03-06 15:15:02 ----D---- C:\Windows\SYSWOW64\drivers
2014-03-06 15:15:02 ----D---- C:\Windows\SysWOW64
2014-03-06 15:15:02 ----D---- C:\Windows\AppPatch
2014-03-06 15:15:02 ----D---- C:\Program Files (x86)\Common Files
2014-03-06 14:58:20 ----D---- C:\Windows\system32\catroot
2014-03-06 14:58:17 ----D---- C:\Windows\system32\DriverStore
2014-03-06 14:58:17 ----D---- C:\Windows\inf
2014-03-06 12:58:58 ----D---- C:\Boot
2014-03-06 12:47:44 ----D---- C:\Windows\System32
2014-03-06 12:38:47 ----SHD---- C:\Windows\Installer
2014-03-06 12:37:40 ----SHD---- C:\System Volume Information
2014-03-06 12:37:12 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-03-06 12:36:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-06 12:36:22 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-03-06 12:36:22 ----D---- C:\Windows\system32\cs-CZ
2014-03-06 12:31:55 ----D---- C:\Windows\SYSWOW64\en-US
2014-03-06 12:31:55 ----D---- C:\Windows\system32\en-US
2014-03-06 12:19:03 ----D---- C:\Users\Bluf\AppData\Roaming\Dropbox
2014-03-06 12:18:15 ----D---- C:\Windows\Prefetch
2014-03-06 09:57:41 ----D---- C:\Windows\Minidump
2014-03-06 02:12:38 ----D---- C:\Windows\pss
2014-03-06 02:08:46 ----A---- C:\Windows\system32\slwga.dll
2014-03-06 02:08:45 ----A---- C:\Windows\SYSWOW64\slwga.dll
2014-03-06 02:08:45 ----A---- C:\Windows\system32\user32.dll
2014-03-06 02:08:45 ----A---- C:\Windows\system32\systemcpl.dll
2014-03-06 02:08:44 ----A---- C:\Windows\SYSWOW64\user32.dll
2014-03-06 01:09:24 ----D---- C:\Program Files (x86)\Half-Life 2
2014-03-06 01:04:25 ----D---- C:\Windows\system32\catroot2
2014-03-05 10:27:21 ----D---- C:\Users\Bluf\AppData\Roaming\DAEMON Tools Pro
2014-03-05 10:27:20 ----D---- C:\Users\Bluf\AppData\Roaming\Media Player Classic
2014-03-05 10:27:20 ----D---- C:\ProgramData\VSO
2014-03-05 10:26:38 ----D---- C:\Windows\Logs
2014-03-05 10:26:38 ----D---- C:\Windows\debug
2014-03-05 09:30:07 ----D---- C:\Program Files (x86)
2014-03-05 09:28:57 ----D---- C:\Program Files (x86)\VSO
2014-03-05 09:28:51 ----D---- C:\Users\Bluf\AppData\Roaming\Vso
2014-03-05 09:28:31 ----D---- C:\Program Files (x86)\Visual Similarity Duplicate Image Finder
2014-03-05 09:14:04 ----D---- C:\Games
2014-03-05 09:13:05 ----D---- C:\ProgramData
2014-03-05 09:13:05 ----D---- C:\Program Files (x86)\Electronic Arts
2014-03-05 09:11:07 ----D---- C:\Users\Bluf\AppData\Roaming\DigitalVolcano
2014-03-05 09:10:55 ----D---- C:\Program Files (x86)\Dobrodruzny mahjongg - Kapitola 2
2014-03-02 23:06:16 ----D---- C:\ProgramData\ManiaPlanet
2014-03-02 22:47:40 ----D---- C:\ProgramData\AMD
2014-03-02 21:45:31 ----D---- C:\Windows\SYSWOW64\directx
2014-03-02 21:35:43 ----D---- C:\Program Files\Common Files
2014-03-02 21:24:12 ----D---- C:\AMD
2014-03-02 19:50:31 ----D---- C:\Program Files\CPUID
2014-02-16 22:18:34 ----D---- C:\Windows\system32\MRT
2014-02-16 22:16:37 ----A---- C:\Windows\system32\MRT.exe
2014-02-14 11:35:13 ----RSD---- C:\Windows\assembly
2014-02-14 11:30:08 ----D---- C:\Windows\system32\Tasks
2014-02-13 09:58:33 ----D---- C:\Windows\rescache
2014-02-12 17:48:24 ----D---- C:\Windows\winsxs
2014-02-12 17:46:19 ----D---- C:\Program Files\Internet Explorer
2014-02-12 17:46:19 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-11 12:13:10 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2014-02-10 23:54:27 ----D---- C:\ProgramData\Codemasters
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-24 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-28 283200]
R1 Jula.sys;Service for Juli@ Audio Driver EWDM; C:\Windows\system32\DRIVERS\Jula.sys [2013-01-18 61208]
R2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-11-20 57512]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 13207552]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-12-06 626176]
R3 JulaWDM.sys;Service for Juli@ WDM; C:\Windows\system32\DRIVERS\JulaWDM.sys [2013-01-18 44312]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-11-20 57512]
S3 anvsnddrv;AnvSoft Virtual Sound Device; C:\Windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-07-05 96256]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL [2007-04-12 151296]
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys []
S3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2007-04-10 252712]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2007-04-10 580904]
S3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2007-04-10 863016]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL [2007-04-10 700200]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2007-04-10 219432]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2007-04-10 321832]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2007-04-10 190248]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2007-04-10 363304]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL [2007-04-10 142120]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2007-04-10 1571112]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2007-04-10 123688]
S3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2007-04-10 17192]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL [2007-04-10 681256]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2007-04-10 290600]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-10-28 107288]
S3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2007-04-10 147752]
S3 GenericMount;Generic Mount Driver; C:\Windows\system32\DRIVERS\GenericMount.sys [2009-09-21 54320]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2007-04-10 1359144]
S3 hap16v2k;Creative P16V HAL Driver; C:\Windows\system32\drivers\hap16v2k.sys [2007-04-10 259880]
S3 hap17v2k;Creative P17V HAL Driver; C:\Windows\system32\drivers\hap17v2k.sys [2007-04-10 295208]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2007-04-10 218408]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-10-28 204568]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM); C:\Windows\system32\drivers\ymidusbx64.sys [2011-11-01 51016]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-12-06 239616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 116648]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-26 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-24 1255736]
S4 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-08-30 344064]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
-----------------EOF-----------------
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys;c:\windows\SYSNATIVE\drivers\ymidusbx64.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 Jula.sys;Service for Juli@ Audio Driver EWDM;c:\windows\system32\DRIVERS\Jula.sys;c:\windows\SYSNATIVE\DRIVERS\Jula.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 JulaWDM.sys;Service for Juli@ WDM;c:\windows\system32\DRIVERS\JulaWDM.sys;c:\windows\SYSNATIVE\DRIVERS\JulaWDM.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef33134a7491b.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 10:40]
.
2014-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef331361201fb.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 10:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bluf\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 213.151.222.34 192.168.0.1
FF - ProfilePath - c:\users\Bluf\AppData\Roaming\Mozilla\Firefox\Profiles\sw7wvqxd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?tab=wm#inbox
FF - ExtSQL: !HIDDEN! 2013-05-28 15:13; hotfix@mozilla.org; c:\users\Bluf\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - c4027ad6000000000000002618f051ff
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15878
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.518:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - cs
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=180613_ndt5&tsp=4921
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
------- Asociace souborů -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Freenet - c:\users\Bluf\AppData\Local\Freenet\freenetuninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.032"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.abr"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ani"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.apd"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bay"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bmp"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bw"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cs1"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cur"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcx"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dib"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djv"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djvu"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.emf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.eps"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.erf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fff"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fpx"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.gif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.hdr"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icl"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icn"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iff"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ilbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.int"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.inta"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iw4"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2c"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2k"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jbr"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jfif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jp2"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpc"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpe"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpeg"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpg"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpk"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpx"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.lbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mef"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mos"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbr"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcd"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pct"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pcx"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pgm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pic"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pict"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pix"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.png"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ppm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
"Progid"="ACDSee 14.psd"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.psp"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspbrush"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspimage"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ras"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgb"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgba"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rle"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rsb"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rwl"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sgi"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.srw"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tga"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.thm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tiff"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ttc"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ttf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17o\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17o"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17p\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17p"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17pf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17pf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbmp"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wmf"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xbm"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xif"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-1230921218-179560564-2204913223-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xmp"
.
[HKEY_USERS\S-1-5-21-1230921218-179560564-2204913223-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2014-03-06 15:25:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-06 14:25
ComboFix2.txt 2013-09-26 22:41
ComboFix3.txt 2013-08-26 12:13
ComboFix4.txt 2013-07-15 13:02
ComboFix5.txt 2014-03-06 14:10
.
Před spuštěním: Volných bajtů: 43 596 107 776
Po spuštění: Volných bajtů: 43 528 986 624
.
- - End Of File - - 254FE654C331F2D6F0A56BC8D22F89B6
A36C5E4F47E84449FF07ED3517B43A31
RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Bluf at 2014-03-06 15:34:13
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 42 GB (22%) free of 191 GB
Total RAM: 4095 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:34:15, on 6.3.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Users\Bluf\AppData\Roaming\uTorrent\utorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Bluf.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Bluf\AppData\Roaming\uTorrent\utorrent.exe"
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 4335 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"taskhost.exe"
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Users\Bluf\AppData\Roaming\uTorrent\utorrent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
notepad.exe "C:\Users\Bluf\AppData\Local\Temp\log.txt"
C:\Windows\explorer.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Users\Bluf\Desktop\viry.cz\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef33134a7491b.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cef331361201fb.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Bluf\AppData\Roaming\Mozilla\Firefox\Profiles\sw7wvqxd.default
prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "https://mail.google.com/mail/u/0/?tab=wm#inbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88]
"Description"=Sibelius Scorch Plugin
"Path"=C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\plugins\
NPSibelius.dll
PDFNetC.dll
ScorchAxPlugin.dll
ScorchPDFWrapper.dll
C:\Users\Bluf\AppData\Roaming\Mozilla\Firefox\Profiles\sw7wvqxd.default\extensions\
ffxtlbr@babylon.com
plugin2@gameplaylabs.com
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{e001c731-5e37-4538-a5cb-8168736a2360}
C:\Users\Bluf\AppData\Roaming\Mozilla\Firefox\Profiles\sw7wvqxd.default\searchplugins\
delta.xml
======Registry dump======
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\Bluf\AppData\Roaming\uTorrent\utorrent.exe [2013-10-10 393728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACSW14EN]
C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe /pid ACSW14EN []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACSW17EN]
C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [2013-09-25 1414984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32.EXE /S CTASIO.DLL []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioThk32Reg]
REGSVR32.EXE /S CTASIO.DLL []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-10-23 3108480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files (x86)\eMule\emule.exe [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JulaPAN.exe]
C:\Windows\system32\JulaPAN.exe [2013-01-18 493336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Bluf\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Bluf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-08-30 766208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bluf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Bluf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-01-03 33508336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bluf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Start Freenet.lnk]
C:\Users\Bluf\AppData\Local\Freenet\freenet.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRkrn]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRSVC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=0
"NoDevMgrUpdate"=0
"NoDeletePrinter"=0
"NoDFSTab"=0
"NoEncryptOnMove"=0
"NoRunasInstallPrompt"=0
"NoResolveSearch"=0
"NoResolveTrack"=0
"NoStartMenuSubFolders"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=0
"NoDevMgrUpdate"=0
"NoDeletePrinter"=0
"NoDFSTab"=0
"NoEncryptOnMove"=0
"NoRunasInstallPrompt"=0
"NoResolveSearch"=0
"NoResolveTrack"=0
"NoStartMenuSubFolders"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.FPS1"=frapsv64.dll
"midi3"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.ini - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
======List of files/folders created in the last 1 month======
2014-03-06 15:34:13 ----D---- C:\rsit
2014-03-06 15:34:13 ----D---- C:\Program Files\trend micro
2014-03-06 15:25:10 ----A---- C:\ComboFix.txt
2014-03-06 15:19:32 ----D---- C:\$RECYCLE.BIN
2014-03-06 15:17:30 ----D---- C:\Windows\temp
2014-03-06 14:57:40 ----A---- C:\Windows\system32\drivers\AtiPcie.sys
2014-03-06 14:57:25 ----A---- C:\Windows\Language_trs.ini
2014-03-06 14:35:13 ----D---- C:\Program Files\WhoCrashed
2014-03-06 12:54:12 ----D---- C:\Users\Bluf\AppData\Roaming\{0b272c86-71d6-4103-8cc3-da900127ce70}
2014-03-06 12:31:48 ----D---- C:\Config.Msi
2014-03-06 10:00:20 ----A---- C:\Windows\ntbtlog.txt
2014-03-05 09:28:51 ----A---- C:\Users\Bluf\AppData\Roaming\pcouffin.sys
2014-03-04 10:35:44 ----D---- C:\Users\Bluf\AppData\Roaming\dvdcss
2014-03-04 10:35:33 ----D---- C:\Users\Bluf\AppData\Roaming\All Free DVD to AVI Converter
2014-03-04 10:34:48 ----D---- C:\Program Files (x86)\All Free DVD to AVI Converter
2014-03-04 10:04:43 ----D---- C:\Users\Bluf\AppData\Roaming\tiger-k
2014-03-04 10:04:42 ----D---- C:\Users\Bluf\AppData\Roaming\Leawo
2014-03-04 10:04:42 ----D---- C:\ProgramData\Leawo
2014-03-03 00:27:11 ----D---- C:\Program Files (x86)\Geeks3D
2014-03-02 22:48:13 ----D---- C:\ProgramData\ATI
2014-03-02 22:47:39 ----D---- C:\Program Files (x86)\AMD AVT
2014-03-02 22:43:51 ----D---- C:\Program Files (x86)\ATI Technologies
2014-03-02 22:38:07 ----D---- C:\Program Files\ATI
2014-03-02 22:37:26 ----D---- C:\Program Files\ATI Technologies
2014-03-02 22:21:01 ----D---- C:\Program Files\AMD
2014-03-02 21:40:10 ----D---- C:\Users\Bluf\AppData\Roaming\library_dir
2014-03-02 21:35:43 ----D---- C:\Program Files\Common Files\ATI Technologies
2014-03-02 21:28:50 ----D---- C:\ProgramData\Package Cache
2014-03-02 19:55:17 ----D---- C:\Program Files\Core Temp
2014-03-02 19:53:39 ----D---- C:\ProgramData\APN
2014-02-14 19:49:00 ----D---- C:\LFS
2014-02-12 13:18:06 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-02-12 13:18:06 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 13:17:27 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-02-12 13:17:27 ----A---- C:\Windows\system32\msrating.dll
2014-02-12 13:17:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-02-12 13:17:26 ----A---- C:\Windows\system32\ieui.dll
2014-02-12 13:17:26 ----A---- C:\Windows\system32\iernonce.dll
2014-02-12 13:17:26 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 13:17:26 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-12 13:17:25 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-02-12 13:17:25 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-02-12 13:17:25 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-02-12 13:17:25 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-12 13:17:25 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-12 13:17:24 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-02-12 13:17:24 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-02-12 13:17:24 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-02-12 13:17:24 ----A---- C:\Windows\system32\mshtml.dll
2014-02-12 13:17:24 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-12 13:17:24 ----A---- C:\Windows\system32\iesetup.dll
2014-02-12 13:17:24 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-12 13:17:24 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-12 13:17:23 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-02-12 13:17:23 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-02-12 13:17:23 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-02-12 13:17:23 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-02-12 13:17:23 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-12 13:17:23 ----A---- C:\Windows\system32\iertutil.dll
2014-02-12 13:17:23 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-12 13:17:22 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-02-12 13:17:22 ----A---- C:\Windows\system32\wininet.dll
2014-02-12 13:17:22 ----A---- C:\Windows\system32\urlmon.dll
2014-02-12 13:17:22 ----A---- C:\Windows\system32\ieframe.dll
2014-02-12 13:17:21 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-02-12 13:17:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-02-12 13:17:20 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-02-12 13:17:20 ----A---- C:\Windows\system32\jscript9.dll
2014-02-12 07:51:52 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-02-12 07:51:52 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 07:51:51 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-02-12 07:51:51 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 07:51:41 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-02-12 07:51:41 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-02-12 07:51:41 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-02-12 07:51:41 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:51:41 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:51:41 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:51:41 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-02-12 07:51:40 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 07:51:40 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 07:51:34 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-02-12 07:51:34 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-02-12 07:51:34 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 07:51:34 ----A---- C:\Windows\system32\d2d1.dll
2014-02-08 04:18:21 ----D---- C:\Program Files (x86)\Race Driver GRID
======List of files/folders modified in the last 1 month======
2014-03-06 15:34:13 ----D---- C:\Program Files
2014-03-06 15:33:58 ----D---- C:\Users\Bluf\AppData\Roaming\uTorrent
2014-03-06 15:25:12 ----D---- C:\Windows\system32\drivers
2014-03-06 15:25:12 ----D---- C:\Qoobox
2014-03-06 15:19:33 ----D---- C:\Windows
2014-03-06 15:19:33 ----A---- C:\Windows\system.ini
2014-03-06 15:19:26 ----D---- C:\Windows\system32\drivers\etc
2014-03-06 15:17:52 ----D---- C:\Windows\system32\config
2014-03-06 15:17:34 ----D---- C:\Windows\erdnt
2014-03-06 15:17:07 ----D---- C:\Windows\Microsoft.NET
2014-03-06 15:15:02 ----D---- C:\Windows\SYSWOW64\drivers
2014-03-06 15:15:02 ----D---- C:\Windows\SysWOW64
2014-03-06 15:15:02 ----D---- C:\Windows\AppPatch
2014-03-06 15:15:02 ----D---- C:\Program Files (x86)\Common Files
2014-03-06 14:58:20 ----D---- C:\Windows\system32\catroot
2014-03-06 14:58:17 ----D---- C:\Windows\system32\DriverStore
2014-03-06 14:58:17 ----D---- C:\Windows\inf
2014-03-06 12:58:58 ----D---- C:\Boot
2014-03-06 12:47:44 ----D---- C:\Windows\System32
2014-03-06 12:38:47 ----SHD---- C:\Windows\Installer
2014-03-06 12:37:40 ----SHD---- C:\System Volume Information
2014-03-06 12:37:12 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-03-06 12:36:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-06 12:36:22 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-03-06 12:36:22 ----D---- C:\Windows\system32\cs-CZ
2014-03-06 12:31:55 ----D---- C:\Windows\SYSWOW64\en-US
2014-03-06 12:31:55 ----D---- C:\Windows\system32\en-US
2014-03-06 12:19:03 ----D---- C:\Users\Bluf\AppData\Roaming\Dropbox
2014-03-06 12:18:15 ----D---- C:\Windows\Prefetch
2014-03-06 09:57:41 ----D---- C:\Windows\Minidump
2014-03-06 02:12:38 ----D---- C:\Windows\pss
2014-03-06 02:08:46 ----A---- C:\Windows\system32\slwga.dll
2014-03-06 02:08:45 ----A---- C:\Windows\SYSWOW64\slwga.dll
2014-03-06 02:08:45 ----A---- C:\Windows\system32\user32.dll
2014-03-06 02:08:45 ----A---- C:\Windows\system32\systemcpl.dll
2014-03-06 02:08:44 ----A---- C:\Windows\SYSWOW64\user32.dll
2014-03-06 01:09:24 ----D---- C:\Program Files (x86)\Half-Life 2
2014-03-06 01:04:25 ----D---- C:\Windows\system32\catroot2
2014-03-05 10:27:21 ----D---- C:\Users\Bluf\AppData\Roaming\DAEMON Tools Pro
2014-03-05 10:27:20 ----D---- C:\Users\Bluf\AppData\Roaming\Media Player Classic
2014-03-05 10:27:20 ----D---- C:\ProgramData\VSO
2014-03-05 10:26:38 ----D---- C:\Windows\Logs
2014-03-05 10:26:38 ----D---- C:\Windows\debug
2014-03-05 09:30:07 ----D---- C:\Program Files (x86)
2014-03-05 09:28:57 ----D---- C:\Program Files (x86)\VSO
2014-03-05 09:28:51 ----D---- C:\Users\Bluf\AppData\Roaming\Vso
2014-03-05 09:28:31 ----D---- C:\Program Files (x86)\Visual Similarity Duplicate Image Finder
2014-03-05 09:14:04 ----D---- C:\Games
2014-03-05 09:13:05 ----D---- C:\ProgramData
2014-03-05 09:13:05 ----D---- C:\Program Files (x86)\Electronic Arts
2014-03-05 09:11:07 ----D---- C:\Users\Bluf\AppData\Roaming\DigitalVolcano
2014-03-05 09:10:55 ----D---- C:\Program Files (x86)\Dobrodruzny mahjongg - Kapitola 2
2014-03-02 23:06:16 ----D---- C:\ProgramData\ManiaPlanet
2014-03-02 22:47:40 ----D---- C:\ProgramData\AMD
2014-03-02 21:45:31 ----D---- C:\Windows\SYSWOW64\directx
2014-03-02 21:35:43 ----D---- C:\Program Files\Common Files
2014-03-02 21:24:12 ----D---- C:\AMD
2014-03-02 19:50:31 ----D---- C:\Program Files\CPUID
2014-02-16 22:18:34 ----D---- C:\Windows\system32\MRT
2014-02-16 22:16:37 ----A---- C:\Windows\system32\MRT.exe
2014-02-14 11:35:13 ----RSD---- C:\Windows\assembly
2014-02-14 11:30:08 ----D---- C:\Windows\system32\Tasks
2014-02-13 09:58:33 ----D---- C:\Windows\rescache
2014-02-12 17:48:24 ----D---- C:\Windows\winsxs
2014-02-12 17:46:19 ----D---- C:\Program Files\Internet Explorer
2014-02-12 17:46:19 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-11 12:13:10 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2014-02-10 23:54:27 ----D---- C:\ProgramData\Codemasters
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-24 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-28 283200]
R1 Jula.sys;Service for Juli@ Audio Driver EWDM; C:\Windows\system32\DRIVERS\Jula.sys [2013-01-18 61208]
R2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-11-20 57512]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 13207552]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-12-06 626176]
R3 JulaWDM.sys;Service for Juli@ WDM; C:\Windows\system32\DRIVERS\JulaWDM.sys [2013-01-18 44312]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-11-20 57512]
S3 anvsnddrv;AnvSoft Virtual Sound Device; C:\Windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-07-05 96256]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL [2007-04-12 151296]
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys []
S3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2007-04-10 252712]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2007-04-10 580904]
S3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2007-04-10 863016]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL [2007-04-10 700200]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2007-04-10 219432]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2007-04-10 321832]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2007-04-10 190248]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2007-04-10 363304]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL [2007-04-10 142120]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2007-04-10 1571112]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2007-04-10 123688]
S3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2007-04-10 17192]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL [2007-04-10 681256]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2007-04-10 290600]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-10-28 107288]
S3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2007-04-10 147752]
S3 GenericMount;Generic Mount Driver; C:\Windows\system32\DRIVERS\GenericMount.sys [2009-09-21 54320]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2007-04-10 1359144]
S3 hap16v2k;Creative P16V HAL Driver; C:\Windows\system32\drivers\hap16v2k.sys [2007-04-10 259880]
S3 hap17v2k;Creative P17V HAL Driver; C:\Windows\system32\drivers\hap17v2k.sys [2007-04-10 295208]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2007-04-10 218408]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-10-28 204568]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM); C:\Windows\system32\drivers\ymidusbx64.sys [2011-11-01 51016]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-12-06 239616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 116648]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-26 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-24 1255736]
S4 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-08-30 344064]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
-----------------EOF-----------------