
PC disinfection, computer speed-up, remote assistance via the neslape.cz service
A small preventive check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 42
- Registered: 05 Jan 2012 13:58
- Location: Hlboké nad Váhom
Re: A small preventive check
Today Windows started reporting that it had detected problems with the disk (the same thing in the BIOS when I was turning the PC on).
I don't know whether it's a false alarm, so I'm posting:
----------------------------------------------------------------------------
CrystalDiskInfo 4.1.3 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x64)
Date : 2012/03/30 15:48:29
-- Controller Map ----------------------------------------------------------
+ Standard AHCI 1.0 Serial ATA Controller [ATA]
+ ATA Channel 0 (0)
- TOSHIBA MK5055GSX ATA Device
+ ATA Channel 1 (1)
- hp DVD RW AD-7561S ATA Device
- ATA Channel 2 (2)
- AKWM53GF IDE Controller [SCSI]
-- Disk List ---------------------------------------------------------------
(1) TOSHIBA MK5055GSX : 500.1 GB [0-0-0, pd1]
----------------------------------------------------------------------------
(1) TOSHIBA MK5055GSX
----------------------------------------------------------------------------
Model : TOSHIBA MK5055GSX
Firmware : FG002C
Serial Number : X999C3H3T
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 6774 hod.
Power On Count : 2143 krát
Temparature : 46 C (114 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Počet chybných čítaní
02 100 100 _50 000000000000 Priechodnosť disku
03 100 100 __2 000000000647 Čas na roztočenie platní
04 100 100 __0 0000000008AD Počet spustení/zastavení
05 _10 _10 _10 000000000735 Počet premapovaných sektorov
07 100 100 _50 000000000000 Počet chybných vyhľadávaní
08 100 100 _50 000000000000 Čas potrebný na vyhľadanie
09 _84 _84 __0 000000001A76 Počet odpracovaných hodín
0A 144 100 _30 000000000000 Počet opakovaných pokusov o roztočenie platní
0C 100 100 __0 00000000085F Počet cyklov zapnutia zariadenia
B7 100 100 __1 000000000000 Neznámy
B8 100 100 _97 000000000000 Priame chyby
B9 100 100 __1 00000000FFFF Neznámy
BB 100 100 __0 000000000000 Zaznamenané neopraviteľné chyby
BC 100 _99 __0 000000000003 Limit na príkaz
BD 100 100 __1 000000000000 Zápisy veľkého preletu
BE _54 _38 _45 00003015002E Teplota toku vzduchu
BF 100 100 __0 0000000000BC Počet udalostí zaznamenaných otrasovým senzorom
C0 100 100 __0 000000280028 Počet vypnutí disku
C1 _94 _94 __0 00000000FE68 Počet cyklov načítania/vymazania
C4 100 100 __0 000000000119 Počet udalostí s cieľom realokovania sektorov
C5 100 100 __0 000000000000 Počet podozrivých sektorov
C7 200 200 __0 000000000000 Počet chýb v kontrolnom súčte UltraDMA
Re: A small preventive check
That disk doesn't look good, but Toshiba drives tend to show distorted results in Crystal.
Download HD Tune http://www.slunecnice.cz/sw/hd-tune/
-select the last tab, Error Scan
-start the scan; it takes about an hour.
-then write whether any of the blocks were red


Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: A small preventive check
So it ran for about three hours, but all the blocks stayed green:

Just in case, I also ran the benchmark (even though I don't know why)

btw. I don't quite understand the CPU Usage: -1%

Re: A small preventive check
Also try the Health tab.
Re: A small preventive check
It didn't fit into one screenshot, so here are 2.
I'm wondering whether I should also run chkdsk, but I don't want to do anything without your instruction.
Health:


Re: A small preventive check
So far there are only reallocated sectors. You can try formatting the disk with NTFS and checking it regularly with some program. But expect that the disk is slowly but surely dying.
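An added example, not part of the original thread and not CrystalDiskInfo's own logic: a Python parser for the S.M.A.R.T. table format in the log posted above, which flags the rows behind the "reallocated sectors" assessment. The rules (normalized value at or below a non-zero threshold; non-zero raw count on attributes 05, C4, C5, C6) and the names `parse_smart` and `triage` are assumptions of this example.

```python
import re

# S.M.A.R.T. rows copied from the CrystalDiskInfo log posted in this thread
# (attribute names are in the tool's Slovak localisation).
SAMPLE = """\
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Počet chybných čítaní
05 _10 _10 _10 000000000735 Počet premapovaných sektorov
09 _84 _84 __0 000000001A76 Počet odpracovaných hodín
BE _54 _38 _45 00003015002E Teplota toku vzduchu
C4 100 100 __0 000000000119 Počet udalostí s cieľom realokovania sektorov
C5 100 100 __0 000000000000 Počet podozrivých sektorov
-- IDENTIFY_DEVICE ---------------------------------------------------------
"""

# One table row: hex ID, three underscore-padded decimals, 6-byte hex raw value, name.
ROW = re.compile(
    r"^([0-9A-F]{2}) ([_0-9]{3}) ([_0-9]{3}) ([_0-9]{3}) ([0-9A-F]{12}) (.+)$"
)

# Assumption of this example: attributes whose raw value is a plain defect counter
# (reallocated sectors, reallocation events, pending sectors, offline uncorrectable).
RAW_COUNTERS = {0x05, 0xC4, 0xC5, 0xC6}


def _padded(field):
    """Convert an underscore-padded field such as '_50' or '__2' to an int."""
    return int(field.replace("_", "") or "0")


def parse_smart(text):
    """Return one dict per attribute row; header and separator lines are skipped."""
    attrs = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        attrs.append({
            "id": int(m.group(1), 16),
            "cur": _padded(m.group(2)),
            "wor": _padded(m.group(3)),
            "thr": _padded(m.group(4)),
            "raw": int(m.group(5), 16),
            "name": m.group(6),
        })
    return attrs


def triage(attrs):
    """Return (attribute id, finding) pairs under the rules assumed by this example."""
    findings = []
    for a in attrs:
        if a["thr"] > 0:  # a zero threshold is treated as informational only
            if a["cur"] <= a["thr"]:
                findings.append((a["id"], "at_or_below_threshold"))
            elif a["wor"] <= a["thr"]:
                findings.append((a["id"], "worst_at_or_below_threshold"))
        if a["id"] in RAW_COUNTERS and a["raw"] > 0:
            findings.append((a["id"], "raw_nonzero"))
    return findings


if __name__ == "__main__":
    for attr_id, finding in triage(parse_smart(SAMPLE)):
        print(f"{attr_id:02X} {finding}")
```

On the rows above it reports attribute 05 at its threshold with a raw count of 0x735 (1845), and a non-zero raw count on C4.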
Re: A small preventive check
Buying a new disk would be the least of it. Thank you for your willingness to help.

Re: A small preventive check
You're welcome

Re: A small preventive check
My computer is acting up again... it closes programs on its own (e.g. when I'm playing, the game shuts down out of nowhere; when I browse the internet in Firefox, the same thing). It only happens once in a while, but it can still be annoying. I ran MBAM over it:
Malwarebytes Anti-Malware (Skúšobná verzia) 1.61.0.1400
www.malwarebytes.org
Verzia databázy: v2012.05.26.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ok :: BUTKO [administrátor]
Ochrana: Zapnuté
26. 5. 2012 10:31:58
mbam-log-2012-05-26 (10-31-58).txt
Typ kontroly: Úplná kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 352638
Uplynutý čas: 49 min, 56 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 0
(Škodlivé položky neboli zistené)
(koniec)
Re: A small preventive check
RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Ok at 2012-05-26 12:00:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 186 GB (82%) free of 227 GB
Total RAM: 4092 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:29, on 26. 5. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Ok.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odoslať do rozhrania Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odoslať do &Zariadenie s rozhraním Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9186 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 29448752
\??\C:\Windows\system32\conhost.exe "-1366173963110294870915116711793830358464200665671790725409-1481354691-146885769
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
WLIDSvcM.exe 2540
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /startalways
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3948.ce585d0.218553387 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 3948 "\\.\pipe\gecko-crash-server-pipe.3948" plugin
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Ok\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3093673229-1255773911-3470108579-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3093673229-1255773911-3470108579-1000UA.job
C:\Windows\tasks\SlimDrivers Startup.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1889856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1256512]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-22 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-22 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2000-01-01 1128448]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Ok\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 116648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-04-05 17356424]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"DpAgent"=C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [2009-12-01 842816]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Ok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-05-26 12:00:23 ----D---- C:\Program Files\trend micro
2012-05-26 12:00:22 ----D---- C:\rsit
2012-05-26 10:30:26 ----D---- C:\Users\Ok\AppData\Roaming\Malwarebytes
2012-05-26 10:30:19 ----D---- C:\ProgramData\Malwarebytes
2012-05-26 10:30:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-05-26 10:30:17 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-25 17:59:11 ----D---- C:\Program Files (x86)\Microsoft WSE
2012-05-23 06:16:27 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-05-23 06:16:27 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-05-23 06:16:27 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-05-23 06:16:27 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-05-23 06:16:26 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-05-23 06:16:26 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-05-23 06:16:24 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-05-23 06:16:24 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-05-23 06:16:23 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-05-23 06:16:23 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-05-23 06:16:16 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-05-23 06:16:16 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-05-23 06:14:31 ----D---- C:\Windows\SYSWOW64\directx
2012-05-22 11:44:57 ----D---- C:\Windows\SYSWOW64\Adobe
2012-05-21 08:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-21 08:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-15 18:23:27 ----D---- C:\Users\Ok\AppData\Roaming\.minecraft
2012-05-15 15:42:18 ----D---- C:\Users\Ok\AppData\Roaming\OpenOffice.org
2012-05-15 15:40:29 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2012-05-13 18:46:54 ----D---- C:\Users\Ok\AppData\Roaming\Unity
2012-05-13 17:20:07 ----D---- C:\Program Files (x86)\CarReplacer
2012-05-13 17:19:58 ----N---- C:\Windows\Setup1.exe
2012-05-13 17:19:57 ----A---- C:\Windows\ST6UNST.EXE
2012-05-13 09:26:02 ----D---- C:\Program Files (x86)\NFO Reader
2012-05-12 06:16:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-12 06:16:37 ----A---- C:\Windows\system32\win32k.sys
2012-05-12 06:16:34 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-12 06:16:33 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-12 06:16:18 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-12 06:16:07 ----A---- C:\Windows\system32\DWrite.dll
2012-05-12 06:16:06 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-12 06:16:04 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-08 19:26:27 ----D---- C:\Program Files (x86)\ABCgames Cheater
2012-05-08 16:19:13 ----D---- C:\ProgramData\Electronic Arts
2012-05-08 16:19:13 ----D---- C:\ProgramData\EA Core
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-05-08 15:55:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-05-08 15:55:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-05-08 15:55:46 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-05-08 15:55:44 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-05-08 15:55:44 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-05-08 15:55:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-05-08 15:55:43 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-05-08 15:55:42 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-05-08 15:55:42 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-05-08 15:55:41 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-05-08 15:55:41 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-05-08 15:55:40 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-05-08 15:55:40 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-05-08 15:55:39 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-05-08 15:55:39 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-05-08 15:55:38 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-05-08 15:55:38 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-05-08 15:55:36 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-05-08 15:55:36 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-05-08 15:55:36 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-05-08 15:55:35 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-05-08 15:55:35 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-05-08 15:55:35 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-05-08 15:55:35 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-05-08 15:55:32 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-05-08 15:55:30 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-05-08 15:55:30 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-05-08 15:55:28 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-05-08 15:55:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-05-08 15:55:28 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-05-08 15:55:28 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-05-08 15:55:26 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-05-08 15:55:26 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-05-08 15:55:26 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-05-08 15:55:26 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-05-08 15:55:25 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-05-08 15:55:25 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-05-08 15:55:25 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-05-08 15:55:25 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-05-08 15:55:24 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-05-08 15:55:24 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-05-08 15:55:23 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-05-08 15:55:22 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2012-05-08 15:55:22 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-05-08 15:55:21 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-05-08 15:55:21 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-05-08 15:55:21 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-05-08 15:55:21 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-05-08 15:55:18 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-05-08 15:55:18 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-05-08 15:55:18 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-05-08 15:55:18 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-05-08 15:55:15 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-05-08 15:55:15 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-05-08 15:55:14 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-05-08 15:55:14 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-05-08 15:55:07 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-05-08 15:55:07 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-05-08 15:55:03 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-05-08 15:55:03 ----A---- C:\Windows\system32\xinput1_3.dll
2012-05-08 15:55:02 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2012-05-08 15:55:02 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-05-08 15:54:58 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2012-05-08 15:54:58 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-05-08 15:54:57 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2012-05-08 15:54:57 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-05-08 15:54:57 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-05-08 15:54:57 ----A---- C:\Windows\system32\d3dx10.dll
2012-05-08 15:54:55 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2012-05-08 15:54:55 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2012-05-08 15:54:55 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-05-08 15:54:55 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-05-08 15:54:54 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-05-08 15:54:54 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-05-08 15:54:53 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2012-05-08 15:54:53 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2012-05-08 15:54:53 ----A---- C:\Windows\system32\xinput1_2.dll
2012-05-08 15:54:53 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-05-08 15:54:52 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2012-05-08 15:54:52 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2012-05-08 15:54:52 ----A---- C:\Windows\system32\xinput1_1.dll
2012-05-08 15:54:52 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-05-08 15:54:48 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2012-05-08 15:54:48 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-05-08 15:54:38 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-05-08 15:54:38 ----A---- C:\Windows\system32\d3dx9_30.dll
2012-05-08 15:54:37 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-05-08 15:54:36 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-05-08 15:54:36 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-05-08 15:54:36 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-05-08 15:54:36 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-05-08 15:54:35 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-05-08 15:54:35 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-05-08 15:54:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-05-08 15:54:35 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-05-08 15:54:34 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-05-08 15:54:34 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-05-08 15:54:34 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-05-08 15:53:24 ----D---- C:\ProgramData\Solidshield
2012-05-07 16:18:22 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-05-06 19:55:30 ----D---- C:\ProgramData\MTA San Andreas All
2012-05-05 20:02:52 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-04-28 10:15:17 ----A---- C:\Windows\system32\drivers\AVerAF15.sys
2012-04-28 10:14:04 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-04-28 09:56:48 ----D---- C:\Users\Ok\AppData\Roaming\ATI
2012-04-28 09:56:48 ----D---- C:\ProgramData\ATI
2012-04-28 09:43:20 ----A---- C:\Windows\system32\stcplx64.dll
2012-04-28 09:43:20 ----A---- C:\Windows\system32\drivers\stwrt64.sys
2012-04-28 09:43:19 ----N---- C:\Windows\system32\stapi64.dll
2012-04-28 09:43:19 ----A---- C:\Windows\system32\stapo64.dll
2012-04-28 09:43:05 ----D---- C:\Program Files\IDT
2012-04-28 09:36:49 ----A---- C:\Windows\system32\RTNUninst64.dll
2012-04-28 09:36:49 ----A---- C:\Windows\system32\RtNicProp64.dll
2012-04-28 09:36:49 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2012-04-28 09:34:03 ----D---- C:\Windows\Options
2012-04-28 09:34:03 ----A---- C:\Windows\system32\drivers\athrx.sys
2012-04-28 09:34:02 ----D---- C:\Windows\system32\nn-NO
2012-04-28 09:34:01 ----A---- C:\Windows\system32\athihvui.dll
2012-04-28 09:34:01 ----A---- C:\Windows\system32\athihvs.dll
2012-04-28 09:33:31 ----D---- C:\Program Files (x86)\Cisco
2012-04-28 09:33:30 ----D---- C:\Program Files (x86)\Atheros
2012-04-28 09:32:22 ----D---- C:\ProgramData\Atheros
2012-04-28 08:56:51 ----A---- C:\Windows\system32\drivers\AtiPcie.sys
2012-04-28 08:40:46 ----D---- C:\Program Files (x86)\AMD APP
2012-04-28 08:40:40 ----D---- C:\Program Files\Common Files\ATI Technologies
2012-04-28 08:40:26 ----DC---- C:\Windows\system32\DRVSTORE
2012-04-28 08:40:26 ----A---- C:\Windows\system32\drivers\usbfilter.sys
2012-04-28 08:37:49 ----D---- C:\Program Files (x86)\ATI Technologies
2012-04-28 08:37:38 ----A---- C:\Windows\system32\drivers\AtiPcie64.sys
2012-04-28 08:36:38 ----A---- C:\Windows\system32\drivers\AtihdW76.sys
2012-04-28 08:14:05 ----A---- C:\Windows\system32\drivers\amd_xata.sys
2012-04-28 08:14:05 ----A---- C:\Windows\system32\drivers\amd_sata.sys
2012-04-28 08:13:53 ----D---- C:\Program Files\ATI Technologies
2012-04-28 08:13:50 ----D---- C:\Program Files\ATI
2012-04-28 08:06:40 ----A---- C:\Windows\system32\btwcoins.dll
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwl2cap.sys
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwampfl.sys
2012-04-28 08:01:58 ----D---- C:\Program Files\WIDCOMM
2012-04-27 21:55:56 ----A---- C:\Windows\system32\hpf3l70v.dll
2012-04-27 21:55:40 ----D---- C:\Program Files (x86)\HP
2012-04-27 21:55:07 ----N---- C:\Windows\hpomdl44.dat
2012-04-27 21:55:07 ----A---- C:\Windows\hpoins44.dat
2012-04-27 21:55:06 ----D---- C:\ProgramData\HP
2012-04-27 21:54:59 ----A---- C:\Windows\system32\hpzids40.dll
2012-04-27 21:54:59 ----A---- C:\Windows\system32\hppldcoi.dll
2012-04-27 21:54:59 ----A---- C:\Windows\system32\hposwia_d02c.dll
2012-04-27 21:54:58 ----A---- C:\Windows\system32\hpost_d02c.dll
2012-04-27 21:54:58 ----A---- C:\Windows\system32\hposc_d02a.dll
======List of files/folders modified in the last 1 month======
2012-05-26 12:00:28 ----D---- C:\Windows\Temp
2012-05-26 12:00:23 ----RD---- C:\Program Files
2012-05-26 11:48:23 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-05-26 11:39:41 ----D---- C:\Windows\system32\config
2012-05-26 11:39:38 ----D---- C:\Windows\winsxs
2012-05-26 11:29:27 ----SHD---- C:\Windows\Installer
2012-05-26 11:29:26 ----SHD---- C:\Config.Msi
2012-05-26 11:28:24 ----SHD---- C:\System Volume Information
2012-05-26 10:30:19 ----HD---- C:\ProgramData
2012-05-26 10:30:18 ----D---- C:\Windows\system32\drivers
2012-05-26 10:30:17 ----RD---- C:\Program Files (x86)
2012-05-26 10:28:39 ----D---- C:\Windows\System32
2012-05-26 10:28:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-26 10:28:38 ----D---- C:\Windows\inf
2012-05-25 22:48:27 ----D---- C:\Users\Ok\AppData\Roaming\uTorrent
2012-05-25 17:59:15 ----RSD---- C:\Windows\assembly
2012-05-25 17:59:15 ----D---- C:\Windows\SysWOW64
2012-05-25 17:59:12 ----SD---- C:\Users\Ok\AppData\Roaming\Microsoft
2012-05-25 17:51:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-05-25 17:47:02 ----D---- C:\Windows\Prefetch
2012-05-24 06:24:18 ----D---- C:\Windows\SYSWOW64\drivers
2012-05-22 17:12:48 ----D---- C:\Users\Ok\AppData\Roaming\vlc
2012-05-19 20:54:01 ----D---- C:\ProgramData\tmp
2012-05-19 20:18:18 ----D---- C:\ProgramData\hps
2012-05-19 18:31:01 ----D---- C:\Program Files (x86)\uTorrent
2012-05-16 07:33:14 ----D---- C:\Windows\system32\catroot2
2012-05-15 15:40:46 ----RSD---- C:\Windows\Fonts
2012-05-14 17:41:16 ----D---- C:\Windows\system32\wdi
2012-05-14 09:10:33 ----D---- C:\Windows\system32\NDF
2012-05-13 17:20:12 ----D---- C:\Windows
2012-05-12 12:36:35 ----D---- C:\Windows\Microsoft.NET
2012-05-12 07:11:53 ----A---- C:\Windows\system32\MRT.exe
2012-05-12 07:08:56 ----D---- C:\Windows\system32\catroot
2012-05-12 07:03:15 ----D---- C:\Program Files\Windows Journal
2012-05-07 16:16:56 ----D---- C:\Program Files (x86)\Common Files
2012-05-05 21:08:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-04-28 10:15:20 ----D---- C:\Windows\system32\DriverStore
2012-04-28 10:15:17 ----D---- C:\Program Files (x86)\AVerMedia
2012-04-28 09:48:17 ----D---- C:\Windows\Driver Cache
2012-04-28 09:36:47 ----D---- C:\Program Files (x86)\Realtek
2012-04-28 09:34:02 ----D---- C:\Windows\system32\zh-TW
2012-04-28 09:34:02 ----D---- C:\Windows\system32\zh-CN
2012-04-28 09:34:02 ----D---- C:\Windows\system32\tr-TR
2012-04-28 09:34:02 ----D---- C:\Windows\system32\sv-SE
2012-04-28 09:34:02 ----D---- C:\Windows\system32\ru-RU
2012-04-28 09:34:02 ----D---- C:\Windows\system32\pt-PT
2012-04-28 09:34:02 ----D---- C:\Windows\system32\pl-PL
2012-04-28 09:34:02 ----D---- C:\Windows\system32\nl-NL
2012-04-28 09:34:02 ----D---- C:\Windows\system32\ko-KR
2012-04-28 09:34:02 ----D---- C:\Windows\system32\ja-JP
2012-04-28 09:34:02 ----D---- C:\Windows\system32\it-IT
2012-04-28 09:34:02 ----D---- C:\Windows\system32\hu-HU
2012-04-28 09:34:02 ----D---- C:\Windows\system32\fr-FR
2012-04-28 09:34:02 ----D---- C:\Windows\system32\fi-FI
2012-04-28 09:34:02 ----D---- C:\Windows\system32\es-ES
2012-04-28 09:34:02 ----D---- C:\Windows\system32\en-US
2012-04-28 09:34:02 ----D---- C:\Windows\system32\el-GR
2012-04-28 09:34:01 ----D---- C:\Windows\system32\de-DE
2012-04-28 09:34:01 ----D---- C:\Windows\system32\da-DK
2012-04-28 09:34:01 ----D---- C:\Windows\system32\cs-CZ
2012-04-28 08:40:40 ----D---- C:\Program Files\Common Files
2012-04-28 08:37:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-04-28 08:04:16 ----SD---- C:\Windows\system32\Microsoft
2012-04-28 07:48:59 ----D---- C:\Windows\system32\Tasks
2012-04-28 07:48:58 ----D---- C:\Windows\Tasks
2012-04-27 21:58:12 ----D---- C:\Windows\twain_32
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2000-01-01 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2000-01-01 40064]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2000-01-01 16440]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-24 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-08-21 2769408]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2000-01-01 115216]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 AVerAF15;AVerMedia BDA Digital Tuner; C:\Windows\System32\Drivers\AVerAF15.sys [2008-01-16 369024]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2000-01-01 349736]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2000-01-01 107560]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2000-01-01 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2000-01-01 21416]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 553576]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10329; C:\Windows\system32\DRIVERS\stwrt64.sys [2000-01-01 528384]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2000-01-01 53376]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 X6va008;X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-03-25 956192]
R2 DpHost;@C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [2009-12-01 322624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10129; C:\Program Files\IDT\WDM\STacSV64.exe [2000-01-01 301568]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2009-07-12 1924400]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1255736]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Ok at 2012-05-26 12:00:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 186 GB (82%) free of 227 GB
Total RAM: 4092 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:29, on 26. 5. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Ok.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odoslať do rozhrania Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odoslať do &Zariadenie s rozhraním Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9186 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 29448752
\??\C:\Windows\system32\conhost.exe "-1366173963110294870915116711793830358464200665671790725409-1481354691-146885769
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
WLIDSvcM.exe 2540
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /startalways
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3948.ce585d0.218553387 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 3948 "\\.\pipe\gecko-crash-server-pipe.3948" plugin
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Ok\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3093673229-1255773911-3470108579-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3093673229-1255773911-3470108579-1000UA.job
C:\Windows\tasks\SlimDrivers Startup.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Ok\AppData\Roaming\Mozilla\Firefox\Profiles\yyl2h9u6.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1889856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1256512]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-22 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-22 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2000-01-01 1128448]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Ok\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 116648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-04-05 17356424]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"DpAgent"=C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [2009-12-01 842816]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Ok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-05-26 12:00:23 ----D---- C:\Program Files\trend micro
2012-05-26 12:00:22 ----D---- C:\rsit
2012-05-26 10:30:26 ----D---- C:\Users\Ok\AppData\Roaming\Malwarebytes
2012-05-26 10:30:19 ----D---- C:\ProgramData\Malwarebytes
2012-05-26 10:30:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-05-26 10:30:17 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-25 17:59:11 ----D---- C:\Program Files (x86)\Microsoft WSE
2012-05-23 06:16:27 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-05-23 06:16:27 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-05-23 06:16:27 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-05-23 06:16:27 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-05-23 06:16:26 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-05-23 06:16:26 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-05-23 06:16:24 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-05-23 06:16:24 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-05-23 06:16:23 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-05-23 06:16:23 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-05-23 06:16:22 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-05-23 06:16:16 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-05-23 06:16:16 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-05-23 06:14:31 ----D---- C:\Windows\SYSWOW64\directx
2012-05-22 11:44:57 ----D---- C:\Windows\SYSWOW64\Adobe
2012-05-21 08:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-21 08:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-15 18:23:27 ----D---- C:\Users\Ok\AppData\Roaming\.minecraft
2012-05-15 15:42:18 ----D---- C:\Users\Ok\AppData\Roaming\OpenOffice.org
2012-05-15 15:40:29 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2012-05-13 18:46:54 ----D---- C:\Users\Ok\AppData\Roaming\Unity
2012-05-13 17:20:07 ----D---- C:\Program Files (x86)\CarReplacer
2012-05-13 17:19:58 ----N---- C:\Windows\Setup1.exe
2012-05-13 17:19:57 ----A---- C:\Windows\ST6UNST.EXE
2012-05-13 09:26:02 ----D---- C:\Program Files (x86)\NFO Reader
2012-05-12 06:16:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-12 06:16:37 ----A---- C:\Windows\system32\win32k.sys
2012-05-12 06:16:34 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-12 06:16:33 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-12 06:16:18 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-12 06:16:07 ----A---- C:\Windows\system32\DWrite.dll
2012-05-12 06:16:06 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-12 06:16:04 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-08 19:26:27 ----D---- C:\Program Files (x86)\ABCgames Cheater
2012-05-08 16:19:13 ----D---- C:\ProgramData\Electronic Arts
2012-05-08 16:19:13 ----D---- C:\ProgramData\EA Core
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-05-08 15:55:49 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-05-08 15:55:49 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-05-08 15:55:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-05-08 15:55:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-05-08 15:55:46 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-05-08 15:55:44 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-05-08 15:55:44 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-05-08 15:55:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-05-08 15:55:43 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-05-08 15:55:42 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-05-08 15:55:42 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-05-08 15:55:41 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-05-08 15:55:41 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-05-08 15:55:40 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-05-08 15:55:40 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-05-08 15:55:39 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-05-08 15:55:39 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-05-08 15:55:38 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-05-08 15:55:38 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-05-08 15:55:36 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-05-08 15:55:36 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-05-08 15:55:36 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-05-08 15:55:35 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-05-08 15:55:35 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-05-08 15:55:35 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-05-08 15:55:35 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-05-08 15:55:32 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-05-08 15:55:32 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-05-08 15:55:30 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-05-08 15:55:30 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-05-08 15:55:28 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-05-08 15:55:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-05-08 15:55:28 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-05-08 15:55:28 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-05-08 15:55:26 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-05-08 15:55:26 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-05-08 15:55:26 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-05-08 15:55:26 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-05-08 15:55:25 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-05-08 15:55:25 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-05-08 15:55:25 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-05-08 15:55:25 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-05-08 15:55:24 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-05-08 15:55:24 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-05-08 15:55:23 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-05-08 15:55:23 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-05-08 15:55:22 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2012-05-08 15:55:22 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-05-08 15:55:21 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-05-08 15:55:21 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-05-08 15:55:21 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-05-08 15:55:21 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-05-08 15:55:19 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-05-08 15:55:18 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-05-08 15:55:18 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-05-08 15:55:18 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-05-08 15:55:18 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-05-08 15:55:16 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-05-08 15:55:15 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-05-08 15:55:15 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-05-08 15:55:14 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-05-08 15:55:14 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-05-08 15:55:10 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-05-08 15:55:08 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-05-08 15:55:07 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-05-08 15:55:07 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-05-08 15:55:04 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-05-08 15:55:03 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-05-08 15:55:03 ----A---- C:\Windows\system32\xinput1_3.dll
2012-05-08 15:55:02 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2012-05-08 15:55:02 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-05-08 15:55:00 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-05-08 15:54:58 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2012-05-08 15:54:58 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-05-08 15:54:57 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2012-05-08 15:54:57 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-05-08 15:54:57 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-05-08 15:54:57 ----A---- C:\Windows\system32\d3dx10.dll
2012-05-08 15:54:55 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2012-05-08 15:54:55 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2012-05-08 15:54:55 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-05-08 15:54:55 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-05-08 15:54:54 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-05-08 15:54:54 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-05-08 15:54:53 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2012-05-08 15:54:53 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2012-05-08 15:54:53 ----A---- C:\Windows\system32\xinput1_2.dll
2012-05-08 15:54:53 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-05-08 15:54:52 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2012-05-08 15:54:52 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2012-05-08 15:54:52 ----A---- C:\Windows\system32\xinput1_1.dll
2012-05-08 15:54:52 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-05-08 15:54:48 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2012-05-08 15:54:48 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-05-08 15:54:38 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-05-08 15:54:38 ----A---- C:\Windows\system32\d3dx9_30.dll
2012-05-08 15:54:37 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-05-08 15:54:37 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-05-08 15:54:36 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-05-08 15:54:36 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-05-08 15:54:36 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-05-08 15:54:36 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-05-08 15:54:35 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-05-08 15:54:35 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-05-08 15:54:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-05-08 15:54:35 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-05-08 15:54:34 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-05-08 15:54:34 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-05-08 15:54:34 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-05-08 15:53:24 ----D---- C:\ProgramData\Solidshield
2012-05-07 16:18:22 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-05-06 19:55:30 ----D---- C:\ProgramData\MTA San Andreas All
2012-05-05 20:02:52 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-04-28 10:15:17 ----A---- C:\Windows\system32\drivers\AVerAF15.sys
2012-04-28 10:14:04 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-04-28 09:56:48 ----D---- C:\Users\Ok\AppData\Roaming\ATI
2012-04-28 09:56:48 ----D---- C:\ProgramData\ATI
2012-04-28 09:43:20 ----A---- C:\Windows\system32\stcplx64.dll
2012-04-28 09:43:20 ----A---- C:\Windows\system32\drivers\stwrt64.sys
2012-04-28 09:43:19 ----N---- C:\Windows\system32\stapi64.dll
2012-04-28 09:43:19 ----A---- C:\Windows\system32\stapo64.dll
2012-04-28 09:43:05 ----D---- C:\Program Files\IDT
2012-04-28 09:36:49 ----A---- C:\Windows\system32\RTNUninst64.dll
2012-04-28 09:36:49 ----A---- C:\Windows\system32\RtNicProp64.dll
2012-04-28 09:36:49 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2012-04-28 09:34:03 ----D---- C:\Windows\Options
2012-04-28 09:34:03 ----A---- C:\Windows\system32\drivers\athrx.sys
2012-04-28 09:34:02 ----D---- C:\Windows\system32\nn-NO
2012-04-28 09:34:01 ----A---- C:\Windows\system32\athihvui.dll
2012-04-28 09:34:01 ----A---- C:\Windows\system32\athihvs.dll
2012-04-28 09:33:31 ----D---- C:\Program Files (x86)\Cisco
2012-04-28 09:33:30 ----D---- C:\Program Files (x86)\Atheros
2012-04-28 09:32:22 ----D---- C:\ProgramData\Atheros
2012-04-28 08:56:51 ----A---- C:\Windows\system32\drivers\AtiPcie.sys
2012-04-28 08:40:46 ----D---- C:\Program Files (x86)\AMD APP
2012-04-28 08:40:40 ----D---- C:\Program Files\Common Files\ATI Technologies
2012-04-28 08:40:26 ----DC---- C:\Windows\system32\DRVSTORE
2012-04-28 08:40:26 ----A---- C:\Windows\system32\drivers\usbfilter.sys
2012-04-28 08:37:49 ----D---- C:\Program Files (x86)\ATI Technologies
2012-04-28 08:37:38 ----A---- C:\Windows\system32\drivers\AtiPcie64.sys
2012-04-28 08:36:38 ----A---- C:\Windows\system32\drivers\AtihdW76.sys
2012-04-28 08:14:05 ----A---- C:\Windows\system32\drivers\amd_xata.sys
2012-04-28 08:14:05 ----A---- C:\Windows\system32\drivers\amd_sata.sys
2012-04-28 08:13:53 ----D---- C:\Program Files\ATI Technologies
2012-04-28 08:13:50 ----D---- C:\Program Files\ATI
2012-04-28 08:06:40 ----A---- C:\Windows\system32\btwcoins.dll
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwl2cap.sys
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2012-04-28 08:06:37 ----A---- C:\Windows\system32\drivers\btwampfl.sys
2012-04-28 08:01:58 ----D---- C:\Program Files\WIDCOMM
2012-04-27 21:55:56 ----A---- C:\Windows\system32\hpf3l70v.dll
2012-04-27 21:55:40 ----D---- C:\Program Files (x86)\HP
2012-04-27 21:55:07 ----N---- C:\Windows\hpomdl44.dat
2012-04-27 21:55:07 ----A---- C:\Windows\hpoins44.dat
2012-04-27 21:55:06 ----D---- C:\ProgramData\HP
2012-04-27 21:54:59 ----A---- C:\Windows\system32\hpzids40.dll
2012-04-27 21:54:59 ----A---- C:\Windows\system32\hppldcoi.dll
2012-04-27 21:54:59 ----A---- C:\Windows\system32\hposwia_d02c.dll
2012-04-27 21:54:58 ----A---- C:\Windows\system32\hpost_d02c.dll
2012-04-27 21:54:58 ----A---- C:\Windows\system32\hposc_d02a.dll
======List of files/folders modified in the last 1 month======
2012-05-26 12:00:28 ----D---- C:\Windows\Temp
2012-05-26 12:00:23 ----RD---- C:\Program Files
2012-05-26 11:48:23 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-05-26 11:39:41 ----D---- C:\Windows\system32\config
2012-05-26 11:39:38 ----D---- C:\Windows\winsxs
2012-05-26 11:29:27 ----SHD---- C:\Windows\Installer
2012-05-26 11:29:26 ----SHD---- C:\Config.Msi
2012-05-26 11:28:24 ----SHD---- C:\System Volume Information
2012-05-26 10:30:19 ----HD---- C:\ProgramData
2012-05-26 10:30:18 ----D---- C:\Windows\system32\drivers
2012-05-26 10:30:17 ----RD---- C:\Program Files (x86)
2012-05-26 10:28:39 ----D---- C:\Windows\System32
2012-05-26 10:28:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-26 10:28:38 ----D---- C:\Windows\inf
2012-05-25 22:48:27 ----D---- C:\Users\Ok\AppData\Roaming\uTorrent
2012-05-25 17:59:15 ----RSD---- C:\Windows\assembly
2012-05-25 17:59:15 ----D---- C:\Windows\SysWOW64
2012-05-25 17:59:12 ----SD---- C:\Users\Ok\AppData\Roaming\Microsoft
2012-05-25 17:51:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-05-25 17:47:02 ----D---- C:\Windows\Prefetch
2012-05-24 06:24:18 ----D---- C:\Windows\SYSWOW64\drivers
2012-05-22 17:12:48 ----D---- C:\Users\Ok\AppData\Roaming\vlc
2012-05-19 20:54:01 ----D---- C:\ProgramData\tmp
2012-05-19 20:18:18 ----D---- C:\ProgramData\hps
2012-05-19 18:31:01 ----D---- C:\Program Files (x86)\uTorrent
2012-05-16 07:33:14 ----D---- C:\Windows\system32\catroot2
2012-05-15 15:40:46 ----RSD---- C:\Windows\Fonts
2012-05-14 17:41:16 ----D---- C:\Windows\system32\wdi
2012-05-14 09:10:33 ----D---- C:\Windows\system32\NDF
2012-05-13 17:20:12 ----D---- C:\Windows
2012-05-12 12:36:35 ----D---- C:\Windows\Microsoft.NET
2012-05-12 07:11:53 ----A---- C:\Windows\system32\MRT.exe
2012-05-12 07:08:56 ----D---- C:\Windows\system32\catroot
2012-05-12 07:03:15 ----D---- C:\Program Files\Windows Journal
2012-05-07 16:16:56 ----D---- C:\Program Files (x86)\Common Files
2012-05-05 21:08:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-04-28 10:15:20 ----D---- C:\Windows\system32\DriverStore
2012-04-28 10:15:17 ----D---- C:\Program Files (x86)\AVerMedia
2012-04-28 09:48:17 ----D---- C:\Windows\Driver Cache
2012-04-28 09:36:47 ----D---- C:\Program Files (x86)\Realtek
2012-04-28 09:34:02 ----D---- C:\Windows\system32\zh-TW
2012-04-28 09:34:02 ----D---- C:\Windows\system32\zh-CN
2012-04-28 09:34:02 ----D---- C:\Windows\system32\tr-TR
2012-04-28 09:34:02 ----D---- C:\Windows\system32\sv-SE
2012-04-28 09:34:02 ----D---- C:\Windows\system32\ru-RU
2012-04-28 09:34:02 ----D---- C:\Windows\system32\pt-PT
2012-04-28 09:34:02 ----D---- C:\Windows\system32\pl-PL
2012-04-28 09:34:02 ----D---- C:\Windows\system32\nl-NL
2012-04-28 09:34:02 ----D---- C:\Windows\system32\ko-KR
2012-04-28 09:34:02 ----D---- C:\Windows\system32\ja-JP
2012-04-28 09:34:02 ----D---- C:\Windows\system32\it-IT
2012-04-28 09:34:02 ----D---- C:\Windows\system32\hu-HU
2012-04-28 09:34:02 ----D---- C:\Windows\system32\fr-FR
2012-04-28 09:34:02 ----D---- C:\Windows\system32\fi-FI
2012-04-28 09:34:02 ----D---- C:\Windows\system32\es-ES
2012-04-28 09:34:02 ----D---- C:\Windows\system32\en-US
2012-04-28 09:34:02 ----D---- C:\Windows\system32\el-GR
2012-04-28 09:34:01 ----D---- C:\Windows\system32\de-DE
2012-04-28 09:34:01 ----D---- C:\Windows\system32\da-DK
2012-04-28 09:34:01 ----D---- C:\Windows\system32\cs-CZ
2012-04-28 08:40:40 ----D---- C:\Program Files\Common Files
2012-04-28 08:37:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-04-28 08:04:16 ----SD---- C:\Windows\system32\Microsoft
2012-04-28 07:48:59 ----D---- C:\Windows\system32\Tasks
2012-04-28 07:48:58 ----D---- C:\Windows\Tasks
2012-04-27 21:58:12 ----D---- C:\Windows\twain_32
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2000-01-01 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2000-01-01 40064]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2000-01-01 16440]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-24 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-08-21 2769408]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2000-01-01 115216]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 AVerAF15;AVerMedia BDA Digital Tuner; C:\Windows\System32\Drivers\AVerAF15.sys [2008-01-16 369024]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2000-01-01 349736]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2000-01-01 107560]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2000-01-01 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2000-01-01 21416]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 553576]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10329; C:\Windows\system32\DRIVERS\stwrt64.sys [2000-01-01 528384]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2000-01-01 53376]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 X6va008;X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-03-25 956192]
R2 DpHost;@C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [2009-12-01 322624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10129; C:\Program Files\IDT\WDM\STacSV64.exe [2000-01-01 301568]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2009-07-12 1924400]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1255736]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
-----------------EOF-----------------
Re: A small preventive check
So the window simply closes by itself and otherwise the computer works? And have you noticed whether it is connected to a particular time or program? Please post a current log from CrystalDiskInfo.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up your important data before cleaning malware from the computer
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
Re: A small preventive check
Yes, the window simply closes and that's it (but it shuts down rather quickly, as if someone had killed the process via Task Manager). The OS and everything else keeps running. I'm wondering whether it has something to do with some keyboard shortcuts that I press by mistake.
CrystalDiskInfo:
----------------------------------------------------------------------------
CrystalDiskInfo 4.6.2 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x64)
Date : 2012/05/27 9:41:08
-- Controller Map ----------------------------------------------------------
+ AMD SATA Controller [ATA]
- WDC WD50 00BPVT-00HXZT3 SATA Disk Device
- hp DVD RW AD-7561S SATA CdRom Device
-- Disk List ---------------------------------------------------------------
(1) WDC WD5000BPVT-00HXZT3 : 500.1 GB [0/0/0, pd1]
----------------------------------------------------------------------------
(1) WDC WD5000BPVT-00HXZT3
----------------------------------------------------------------------------
Model : WDC WD5000BPVT-00HXZT3
Firmware : 01.01A01
Serial Number : WD-WX31EB1NMR90
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 530 hours
Power On Count : 105 count
Temparature : 34 C (93 F)
Health Status : Good
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Read Error Rate
03 182 178 _21 00000000075B Spin-Up Time
04 100 100 __0 00000000006B Start/Stop Count
05 200 200 140 000000000000 Reallocated Sectors Count
07 200 200 __0 000000000000 Seek Error Rate
09 100 100 __0 000000000212 Power-On Hours
0A 100 100 __0 000000000000 Spin Retry Count
0B 100 100 __0 000000000000 Recalibration Retries
0C 100 100 __0 000000000069 Power Cycle Count
C0 200 200 __0 00000000000D Power-off Retract Count
C1 197 197 __0 000000002C9B Load/Unload Cycle Count
C2 113 102 __0 000000000022 Temperature
C4 200 200 __0 000000000000 Reallocation Event Count
C5 200 200 __0 000000000000 Current Pending Sector Count
C6 100 253 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
C8 100 253 __0 000000000000 Write Error Rate
Last edited by tinostar91 on 27 May 2012 08:41, edited 1 time in total.
Re: A small preventive check
I'd also ask for the second log from RSIT, named info.txt.
Try to figure out those keyboard shortcuts.
Re: A minor preventive check
info:
info.txt logfile of random's system information tool 1.09 2012-05-26 12:00:32
======Uninstall list======
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
64 Bit HP CIO Components Installer-->MsiExec.exe /I{BE930E38-7BB3-45B6-85B2-5251F374F844}
Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\Windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe"
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Media Foundation Decoders-->MsiExec.exe /X{EAA94988-8288-ED48-B179-F94440FA392E}
Ashampoo Burning Studio 2012 v10.0.15-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2012\unins000.exe"
Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\Setup.exe" -runfromtemp -l0x0405 -removeonly
ATI Catalyst Install Manager-->msiexec /q/x{E686FBB0-B356-96BE-A9ED-2D8286AA0386} REBOOT=ReallySuppress
AVerMedia A309 (MiniCard, DVB-T) 1.0.64.40-->C:\Program Files (x86)\AVerMedia\AVerMedia A309 (MiniCard, DVB-T)\uninst.exe
AVerMedia A815 USB DVB-T 1.0.64.63-->C:\Program Files (x86)\AVerMedia\AVerMedia A815 USB DVB-T\uninst.exe
AVerMedia TV Tuner Card 1.0.0.4-->C:\Program Files (x86)\AVerMedia\AVerMedia TV Tuner Card\uninst.exe
Bluetooth by hp-->MsiExec.exe /X{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
BrickForce 1.9.87-->E:\Hry\BrickForce\uninst.exe
Bus Driver-->"H:\Bus Driver\unins000.exe"
CarReplacer-->C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\CarReplacer\ST6UNST.LOG"
Catalyst Control Center - Branding-->MsiExec.exe /I{F30403FF-0146-4633-AAC5-D5CD5C50AE70}
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
DigitalPersona Personal 4.11-->MsiExec.exe /I{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}
ENE CIR Receiver Driver-->C:\PROGRA~1\DIFX\3BD8E4BC84D41A4F\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_amd64_neutral_acae3f801586bfb8\enecir.inf
Google Earth Plug-in-->MsiExec.exe /X{33286280-8617-11E1-8FF6-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA San Andreas-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6-->C:\Program Files (x86)\HP\Digital Imaging\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}\setup\hpzscr40.exe -datfile hposcr44.dat -onestop -forcereboot
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
LightScribe System Software-->MsiExec.exe /X{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
Malwarebytes Anti-Malware verzia 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Moj CEWE FOTOSVET-->"C:\Program Files (x86)\Fotolab\Moj CEWE FOTOSVET\uninstall.exe"
Mozilla Firefox 11.0 (x86 sk)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MTA:SA v1.3-->E:\Hry\MTA San Andreas 1.3\Uninstall.exe
Need For Speed Most Wanted SK-->E:\Hry\Need for Speed Most Wanted\Odinštalovať NFS-MW_SK.exe
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
Need for Speed™ Most Wanted-->E:\Hry\Need for Speed Most Wanted\EAUninstall.exe
NFO Reader version 1.0-->"C:\Program Files (x86)\NFO Reader\unins000.exe"
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
OpenOffice.org 3.2-->MsiExec.exe /I{28B94253-5729-4C30-8DE4-F2A0A63149B0}
Portal 2-->"E:\Hry\Valve\Portal 2\unins000.exe"
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x001b -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Skype™ 5.9-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
SlimDrivers-->MsiExec.exe /X{5CDA3B5A-0737-40A1-AF93-4F35BD38A1B6}
Sniper Elite V2-->"E:\Hry\Rebellion\SniperEliteV2\unins000.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0005 -removeonly
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Validity Sensors DDK-->MsiExec.exe /X{62A20ECA-920E-4052-BF77-88C78DD20FAA}
VLC media player 2.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}
Windows Live Fotogaléria-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}
Windows Live Photo Common-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{5E627606-53B9-42D1-97E1-D03F6229E248}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinRAR 4.11 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
======System event log======
Computer Name: Ok-PC
Event Code: 52236
Message: CPLIB :: General - Invalid Parameter
Record Number: 979
Source Name: atikmdag
Time Written: 20120420095733.174448-000
Event Type: Error
User:
Computer Name: Ok-PC
Event Code: 4001
Message: Služba automatickej konfigurácie siete WLAN sa úspešne zastavila.
Record Number: 966
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20120420094902.464663-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Ok-PC
Event Code: 43029
Message: Display is not active
Record Number: 874
Source Name: atikmdag
Time Written: 20120420090333.261472-000
Event Type: Error
User:
Computer Name: Ok-PC
Event Code: 52236
Message: CPLIB :: General - Invalid Parameter
Record Number: 873
Source Name: atikmdag
Time Written: 20120420090333.261472-000
Event Type: Error
User:
Computer Name: Ok-PC
Event Code: 55
Message: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C.
Record Number: 509
Source Name: Ntfs
Time Written: 20120420081323.730980-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Ok-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.
Record Number: 116
Source Name: Microsoft-Windows-Search
Time Written: 20120420074714.000000-000
Event Type: Warning
User:
Computer Name: 37L4247E29-32
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.
Record Number: 106
Source Name: Microsoft-Windows-Search
Time Written: 20120420065437.000000-000
Event Type: Warning
User:
Computer Name: 37L4247E29-32
Event Code: 257
Message: Službe Cryptographic Services sa nepodarilo inicializovať databázu katalógu. Chyba ESENT: -546.
Record Number: 7
Source Name: Microsoft-Windows-CAPI2
Time Written: 20120420064536.812969-000
Event Type: Error
User:
Computer Name: 37L4247E29-32
Event Code: 412
Message: Catalog Database (248) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.
Record Number: 6
Source Name: ESENT
Time Written: 20120420064536.000000-000
Event Type: Error
User:
Computer Name: 37L4247E29-32
Event Code: 412
Message: Catalog Database (248) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.
Record Number: 5
Source Name: ESENT
Time Written: 20120420064536.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120420064450.995689-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x1b8
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120420064450.995689-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.
Number of Elements: 0
Policy ID: 0x30e5c
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120420064436.971265-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120420064434.132060-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120420064433.991660-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
-----------------EOF-----------------
Re: A minor preventive check
Do you have a new disk?
I don't see anything suspicious; could it really not be caused by those keyboard shortcuts?
Do not use COMBOFIX without an advisor's recommendation; it may damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am mostly reachable at night, between 9 and 11 p.m.
If you have any questions, you can email me at Motji(at)forum.viry.cz.