Preventivna prehliadka - GPU bolo vytazene na 100%

[Tiger1403]

Zdravim ludia , tak by som vas chcel poprosit o malu prehliadku, prvykrat sa mi stalo ze ked som vypol hru (nenarocnu - nhl09) gpu(R5850 1g) bezala na 100% a nestihala ani aero, restartoval som a vsetko ok, tak sa len pytam ci je vsetko ok v logu, diky.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Tiger at 2011-01-06 23:44:33
Microsoft Windows 7 Ultimate
System drive C: has 122 GB (52%) free of 235 GB
Total RAM: 4087 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:44:38, on 6. 1. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\vsnp325.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp325.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Tiger.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted IP range: http://127.0.0.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe (file missing)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10563 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe" -k runservice
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000664
\??\C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe" -d "C:/Program Files (x86)/Marvell/raid/Apache2"
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe" /TUStart /pid:2004
"C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\vsnp325.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"taskhost.exe"
"C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Windows\FixCamera.exe"
"C:\Windows\tsnp325.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4684.83f1ec0.1252359269 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 4684 plugin \\.\pipe\gecko-crash-server-pipe.4684
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Tiger\Desktop\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-11-24 1536456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-09-22 8116256]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"snp325"=C:\Windows\vsnp325.exe [2006-10-10 827392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.0\ICQ.exe [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2010-04-04 306088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-09-25 106496]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]
"MRUTray"=C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe [2009-10-09 741376]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-11-08 281768]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 98304]
"FixCamera"=C:\Windows\FixCamera.exe [2007-02-10 20480]
"tsnp325"=C:\Windows\tsnp325.exe [2006-10-10 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-06 23:44:33 ----D---- C:\rsit
2011-01-06 23:44:33 ----D---- C:\Program Files\trend micro
2010-12-31 18:53:52 ----D---- C:\Windows\EffectResources
2010-12-31 18:53:52 ----A---- C:\Windows\vidcap32.Exe
2010-12-31 18:53:52 ----A---- C:\Windows\Domino.exe
2010-12-31 18:53:51 ----D---- C:\Windows\CatRoot
2010-12-31 18:53:51 ----D---- C:\Program Files (x86)\Vimicro
2010-12-31 18:53:51 ----A---- C:\Windows\ZSSnp211.exe
2010-12-31 18:53:51 ----A---- C:\Windows\ZS211Cap.exe
2010-12-31 18:53:51 ----A---- C:\Windows\SYSWOW64\ZS211sti.dll
2010-12-31 18:53:51 ----A---- C:\Windows\SYSWOW64\drivers\ZS211.sys
2010-12-31 18:53:51 ----A---- C:\Windows\Sti211.exe
2010-12-31 18:45:38 ----A---- C:\Windows\system32\vsnp325.dll
2010-12-31 18:45:38 ----A---- C:\Windows\FixCamera.exe
2010-12-31 18:45:38 ----A---- C:\Windows\amcap.exe
2010-12-31 18:45:37 ----A---- C:\Windows\vsnp325.exe
2010-12-31 18:45:37 ----A---- C:\Windows\tsnp325.exe
2010-12-31 18:45:37 ----A---- C:\Windows\SYSWOW64\vsnp325.dll
2010-12-31 18:45:37 ----A---- C:\Windows\SYSWOW64\rsnp325.dll
2010-12-31 18:45:37 ----A---- C:\Windows\SYSWOW64\csnp325.dll
2010-12-31 18:45:37 ----A---- C:\Windows\system32\drivers\snp325.sys
2010-12-31 18:45:37 ----A---- C:\Windows\system32\csnp325.dll
2010-12-31 18:45:37 ----A---- C:\Windows\snp325.ini
2010-12-31 18:45:30 ----D---- C:\Users\Tiger\AppData\Roaming\InstallShield
2010-12-31 18:36:10 ----A---- C:\Windows\SYSWOW64\drivers\STREAM.SYS
2010-12-26 19:47:41 ----D---- C:\Program Files (x86)\Activision
2010-12-23 19:48:12 ----D---- C:\Program Files (x86)\Valvesoftware
2010-12-23 15:17:32 ----D---- C:\SAVE
2010-12-19 21:09:17 ----A---- C:\Windows\sierra.ini
2010-12-19 21:08:45 ----D---- C:\Sierra
2010-12-17 15:47:51 ----D---- C:\Users\Tiger\AppData\Roaming\VitySoft
2010-12-17 15:47:36 ----D---- C:\ProgramData\Sun
2010-12-17 15:47:29 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-12-17 15:47:29 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-12-17 15:47:29 ----A---- C:\Windows\SYSWOW64\java.exe
2010-12-17 15:47:29 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2010-12-17 15:47:24 ----D---- C:\Program Files (x86)\Java
2010-12-16 20:19:51 ----D---- C:\Windows\Minidump
2010-12-16 18:11:45 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-16 18:11:45 ----A---- C:\Windows\system32\tzres.dll
2010-12-16 18:11:43 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-16 18:11:43 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 18:11:43 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 18:11:43 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 18:11:43 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 18:11:43 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 18:11:42 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-16 18:11:42 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-16 18:11:42 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-16 18:11:42 ----A---- C:\Windows\system32\schtasks.exe
2010-12-16 18:11:28 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-16 18:11:28 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-16 18:11:28 ----A---- C:\Windows\system32\atmlib.dll
2010-12-16 18:11:28 ----A---- C:\Windows\system32\atmfd.dll
2010-12-16 18:11:25 ----A---- C:\Windows\system32\win32k.sys
2010-12-16 18:11:23 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-16 18:11:23 ----A---- C:\Windows\system32\webio.dll
2010-12-16 18:11:21 ----A---- C:\Windows\system32\consent.exe
2010-12-16 18:11:20 ----A---- C:\Windows\system32\mshtml.dll
2010-12-16 18:11:20 ----A---- C:\Windows\system32\iertutil.dll
2010-12-16 18:11:19 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-16 18:11:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-16 18:11:19 ----A---- C:\Windows\system32\mstime.dll
2010-12-16 18:11:19 ----A---- C:\Windows\system32\ieframe.dll
2010-12-16 18:11:18 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-16 18:11:17 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-16 18:11:17 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-16 18:11:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-16 18:11:17 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-16 18:11:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-16 18:11:17 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-16 18:11:17 ----A---- C:\Windows\system32\wininet.dll
2010-12-16 18:11:17 ----A---- C:\Windows\system32\urlmon.dll
2010-12-16 18:11:17 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-16 18:11:17 ----A---- C:\Windows\system32\ieui.dll
2010-12-16 18:11:17 ----A---- C:\Windows\system32\iepeers.dll
2010-12-16 18:11:17 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-16 18:11:16 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-16 18:11:16 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-16 18:11:16 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-16 18:11:16 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-16 18:11:16 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-16 18:11:16 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-16 18:11:16 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-16 18:11:16 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-16 18:11:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-16 18:11:16 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-16 18:11:16 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-14 21:29:18 ----D---- C:\ProgramData\ATI
2010-12-14 21:29:16 ----D---- C:\Program Files (x86)\ATI Stream
2010-12-13 17:44:16 ----D---- C:\ProgramData\Apple Computer
2010-12-13 17:44:16 ----D---- C:\Program Files (x86)\QuickTime
2010-12-08 20:07:18 ----SHD---- C:\Windows\SYSWOW64\%APPDATA%
2010-12-08 20:05:40 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2010-12-08 20:05:40 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2010-12-08 20:05:40 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2010-12-08 20:05:40 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-12-08 20:05:40 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-12-08 20:05:40 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-12-08 20:05:39 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2010-12-08 20:05:39 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-12-08 20:05:38 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2010-12-08 20:05:38 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2010-12-08 20:05:38 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2010-12-08 20:05:38 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2010-12-08 20:05:38 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-12-08 20:05:38 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-12-08 20:05:38 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-12-08 20:05:38 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-12-08 20:05:26 ----D---- C:\Program Files\Futuremark
2010-12-08 15:06:04 ----AH---- C:\Windows\system32\hamachi.sys
2010-12-08 15:06:01 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2010-12-07 12:17:20 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2010-12-07 12:15:30 ----A---- C:\Windows\system32\OpenCL.dll

======List of files/folders modified in the last 1 months======

2011-01-06 23:44:38 ----D---- C:\Windows\Prefetch
2011-01-06 23:44:34 ----D---- C:\Windows\Temp
2011-01-06 23:44:33 ----D---- C:\Program Files
2011-01-06 23:44:03 ----D---- C:\Windows\System32
2011-01-06 23:44:03 ----D---- C:\Windows\inf
2011-01-06 23:44:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-06 23:38:20 ----D---- C:\Windows\system32\config
2011-01-06 21:31:10 ----D---- C:\Windows
2011-01-06 20:19:01 ----RD---- C:\Program Files (x86)
2011-01-06 17:56:40 ----SHD---- C:\System Volume Information
2011-01-03 18:08:09 ----D---- C:\Windows\system32\drivers
2011-01-03 18:08:08 ----D---- C:\Windows\system32\drivers\UMDF
2011-01-03 13:08:21 ----D---- C:\Program Files (x86)\CCleaner
2011-01-01 06:16:57 ----D---- C:\Users\Tiger\AppData\Roaming\ICQ
2010-12-31 19:01:41 ----D---- C:\Windows\system32\DriverStore
2010-12-31 19:01:28 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-31 19:01:28 ----D---- C:\Windows\SysWOW64
2010-12-31 18:53:51 ----D---- C:\Windows\twain_32
2010-12-31 18:45:55 ----HD---- C:\ProgramData
2010-12-31 18:45:53 ----D---- C:\Windows\system32\catroot
2010-12-31 18:45:38 ----A---- C:\Windows\win.ini
2010-12-31 18:45:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-12-31 18:45:37 ----D---- C:\Program Files (x86)\Common Files
2010-12-31 18:36:10 ----D---- C:\Windows\Downloaded Program Files
2010-12-31 11:06:35 ----D---- C:\Windows\system32\catroot2
2010-12-29 14:19:09 ----D---- C:\Users\Tiger\AppData\Roaming\Skype
2010-12-29 14:19:02 ----D---- C:\Users\Tiger\AppData\Roaming\skypePM
2010-12-28 13:09:50 ----SHD---- C:\Windows\Installer
2010-12-28 13:08:10 ----D---- C:\Program Files (x86)\Electronic Arts
2010-12-23 14:49:39 ----D---- C:\ProgramData\Codemasters
2010-12-19 21:15:43 ----D---- C:\Windows\system32\Tasks
2010-12-18 21:57:01 ----D---- C:\Windows\debug
2010-12-16 19:57:24 ----D---- C:\Program Files (x86)\TuneUp Utilities 2010
2010-12-16 18:53:55 ----D---- C:\Windows\rescache
2010-12-16 18:16:17 ----D---- C:\Windows\winsxs
2010-12-16 18:14:55 ----D---- C:\Windows\SYSWOW64\sk-SK
2010-12-16 18:14:55 ----D---- C:\Windows\SYSWOW64\migration
2010-12-16 18:14:55 ----D---- C:\Windows\system32\sk-SK
2010-12-16 18:14:55 ----D---- C:\Windows\system32\migration
2010-12-16 18:14:55 ----D---- C:\Program Files\Windows Mail
2010-12-16 18:14:55 ----D---- C:\Program Files\Internet Explorer
2010-12-16 18:14:55 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-16 18:14:55 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-16 18:13:28 ----A---- C:\Windows\system32\MRT.exe
2010-12-15 20:46:39 ----RSD---- C:\Windows\assembly
2010-12-15 20:38:53 ----D---- C:\Program Files (x86)\THQ
2010-12-14 21:29:11 ----D---- C:\Program Files\ATI Technologies
2010-12-12 14:08:05 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-12-08 20:34:02 ----D---- C:\Program Files (x86)\MSI Afterburner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys [2009-10-09 22568]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-21 834544]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-02 116568]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-11-22 83120]
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [2010-03-30 20968]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-04 43168]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-09-22 2002080]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 178688]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-04-04 312480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2010-05-12 36328]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
S3 awdkbep9;awdkbep9; C:\Windows\system32\drivers\awdkbep9.sys []
S3 cpuz130;cpuz130; \??\C:\Users\Tiger\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-02-04 20568]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-01-27 10526080]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2010-05-12 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2010-05-12 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2010-05-12 159208]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2010-04-27 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2010-04-27 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2010-04-27 172104]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-02-26 9216]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2010-02-26 9216]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WEBNTACCESS;WEBNTACCESS; \??\C:\Windows\syswow64\NTACCESS.SYS []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-11-26 203776]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-09 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-08 135336]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 Marvell RAID;Marvell RAID Event Agent; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-05 151552]
R2 MRUWebService;MRU Web Service; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-04-09 24635]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-09-26 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-09-26 103736]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-09-30 1403200]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 KiesAllShare;SAMSUNG KiesAllShare Service; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-02-26 652800]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-12-16 607040]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]

-----------------EOF-----------------

[Roli]

Zdravím, vlož mi sem log z Rsit ještě jednou ale tentokrát bez CODE, blbě se to čte.

[Tiger1403]

1post upraveny..

[Roli]

Tohle fixni v HJT :

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

HJT najdeš zde :

C:\Program Files\trend micro\Tiger.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

ICQ Service

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Odinstaluj nikoliv smaž ICQ6Toolbar


Pak pro začátek použij Mbam z mého podpisu a dej mi sem z něj log dříve než něco smažeš.

[Tiger1403]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verzia databázy: 5480

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7. 1. 2011 21:44:40
mbam-log-2011-01-07 (21-44-36).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 297219
Uplynutý čas: 21 min, 19 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 3

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
d:\programmes\Install\adobe photoshop cs5\keygen.exe (RiskWare.Tool.CK) -> No action taken.
d:\programmes\Install\tuneup utilities 2010 v9.0.3000.136\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
d:\programmes\Install\tuneup utilities 2010 v9.0.3000.136\keygen.exe (Trojan.Agent.CK) -> No action taken.

[Roli]

Ale, ale co pak to je ?

No nic to co Mbam našel nech smazat.

Ještě použijeme větší kalibr tak že pozorně číst, protože tenhle softík chyby netoleruje.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

[Tiger1403]

ComboFix 11-01-08.04 - Tiger . 01. 2011 9:09.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4087.2884 [GMT 1:00]
Running from: c:\users\Tiger\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
/wow section - STAGE 50
The system cannot find the file LockedB.
The system cannot find the file lockedB.
Systém nemôže nájsť zadanú cestu.
The system cannot find the file LockedB.
The system cannot find the file LockedB.


((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 08:11 . 2011-01-09 08:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-07 20:22 . 2011-01-07 20:22 -------- d-----w- c:\users\Tiger\AppData\Roaming\Malwarebytes
2011-01-07 20:22 . 2011-01-07 20:22 -------- d-----w- c:\programdata\Malwarebytes
2011-01-07 20:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-07 20:21 . 2011-01-07 20:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-07 10:09 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5495B688-BB77-4B12-BBE1-1C5454FB51D2}\mpengine.dll
2011-01-06 22:44 . 2011-01-07 22:17 -------- d-----w- c:\program files\trend micro
2011-01-06 22:44 . 2011-01-06 22:44 -------- d-----w- C:\rsit
2010-12-31 17:53 . 2010-12-31 17:53 -------- d-----w- c:\windows\EffectResources
2010-12-31 17:53 . 2006-08-18 15:58 49152 ----a-w- c:\windows\Domino.exe
2010-12-31 17:53 . 2000-10-31 11:00 307200 ----a-w- c:\windows\vidcap32.Exe
2010-12-31 17:53 . 2010-12-31 18:01 -------- d-----w- c:\windows\CatRoot
2010-12-31 17:53 . 2010-12-31 17:53 -------- d-----w- c:\program files (x86)\Vimicro
2010-12-31 17:53 . 2006-08-19 10:37 49152 ----a-w- c:\windows\ZSSnp211.exe
2010-12-31 17:53 . 2006-08-09 18:07 57344 ----a-w- c:\windows\Sti211.exe
2010-12-31 17:53 . 2006-08-09 16:38 102400 ----a-w- c:\windows\ZS211Cap.exe
2010-12-31 17:53 . 2006-08-09 16:37 81920 ----a-w- c:\windows\SysWow64\ZS211sti.dll
2010-12-31 17:53 . 2006-08-08 10:29 391836 ----a-w- c:\windows\SysWow64\drivers\ZS211.sys
2010-12-31 17:53 . 2006-07-14 13:36 172115 ----a-w- c:\windows\SysWow64\ZS211Prp.Ax
2010-12-31 17:53 . 2002-08-02 02:10 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2010-12-31 17:45 . 2007-02-10 14:40 20480 ----a-w- c:\windows\FixCamera.exe
2010-12-31 17:45 . 2006-03-14 13:28 172032 ----a-w- c:\windows\amcap.exe
2010-12-31 17:45 . 2010-12-31 17:45 -------- d-----w- c:\program files (x86)\Common Files\snp325
2010-12-31 17:45 . 2006-10-10 14:49 270336 ----a-w- c:\windows\tsnp325.exe
2010-12-31 17:45 . 2006-10-10 13:11 827392 ----a-w- c:\windows\vsnp325.exe
2010-12-31 17:45 . 2006-08-28 10:53 57344 ----a-w- c:\windows\SysWow64\vsnp325.dll
2010-12-31 17:45 . 2006-04-12 11:11 147456 ----a-w- c:\windows\SysWow64\rsnp325.dll
2010-12-31 17:45 . 2005-11-23 12:55 53248 ----a-w- c:\windows\SysWow64\csnp325.dll
2010-12-31 17:45 . 2010-12-31 17:45 -------- d-----w- c:\users\Tiger\AppData\Roaming\InstallShield
2010-12-31 17:36 . 2005-04-30 17:46 39776 ----a-w- c:\windows\SysWow64\drivers\STREAM.SYS
2010-12-31 17:36 . 2002-07-25 16:06 282624 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2010-12-26 18:53 . 2010-12-26 18:53 -------- d-----w- c:\users\Tiger\AppData\Local\Activision
2010-12-26 18:47 . 2010-12-26 18:47 -------- d-----w- c:\program files (x86)\Activision
2010-12-23 18:48 . 2010-12-23 18:48 -------- d-----w- c:\program files (x86)\Valvesoftware
2010-12-23 14:17 . 2010-12-23 14:17 -------- d-----w- C:\SAVE
2010-12-19 20:08 . 2010-12-28 12:13 -------- d-----w- C:\Sierra
2010-12-17 14:47 . 2010-12-17 14:47 -------- d-----w- c:\users\Tiger\AppData\Roaming\VitySoft
2010-12-17 14:47 . 2010-12-17 14:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-17 14:47 . 2010-12-17 14:47 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-17 14:47 . 2010-12-17 14:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-17 14:47 . 2010-12-17 14:47 -------- d-----w- c:\program files (x86)\Java
2010-12-14 20:29 . 2010-12-14 20:29 -------- d-----w- c:\programdata\ATI
2010-12-14 20:29 . 2010-12-14 20:29 -------- d-----w- c:\program files (x86)\ATI Stream

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 741376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-08 281768]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-12 36328]
R3 cpuz130;cpuz130;c:\users\Tiger\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-02-04 20568]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-01-27 10526080]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-12 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-12 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-12 159208]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
R3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\NTACCESS.SYS [2008-04-14 17920]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 22568]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-21 834544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-08 135336]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-30 20968]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-05 151552]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-04-09 24635]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-09-30 1403200]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 73728]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 178688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-22 8116256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\users\Tiger\AppData\Roaming\Mozilla\Firefox\Profiles\isqfaq8q.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-09 09:13:00
ComboFix-quarantined-files.txt 2011-01-09 08:13

Pre-Run: 143 381 475 328 bytes free
Post-Run: 142 887 604 224 bytes free

- - End Of File - - E2A5BF0F6492389F57E6A055A78832BB

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

FireFox:: 
FF - ProfilePath - c:\users\Tiger\AppData\Roaming\Mozilla\Firefox\Profiles\isqfaq8q.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.1&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[Tiger1403]

ComboFix 11-01-09.03 - Tiger . 01. 2011 15:48:16.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4087.2937 [GMT 1:00]
Running from: c:\users\Tiger\Desktop\ComboFix.exe
Command switches used :: c:\users\Tiger\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 50
The system cannot find the file LockedB.
The system cannot find the file lockedB.
Systém nemôže nájsť zadanú cestu.
The system cannot find the file LockedB.
The system cannot find the file LockedB.


((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-10 14:50 . 2011-01-10 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-07 20:22 . 2011-01-07 20:22 -------- d-----w- c:\users\Tiger\AppData\Roaming\Malwarebytes
2011-01-07 20:22 . 2011-01-07 20:22 -------- d-----w- c:\programdata\Malwarebytes
2011-01-07 20:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-07 20:21 . 2011-01-07 20:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-07 10:09 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5495B688-BB77-4B12-BBE1-1C5454FB51D2}\mpengine.dll
2011-01-06 22:44 . 2011-01-07 22:17 -------- d-----w- c:\program files\trend micro
2011-01-06 22:44 . 2011-01-06 22:44 -------- d-----w- C:\rsit
2010-12-31 17:53 . 2010-12-31 17:53 -------- d-----w- c:\windows\EffectResources
2010-12-31 17:53 . 2006-08-18 15:58 49152 ----a-w- c:\windows\Domino.exe
2010-12-31 17:53 . 2000-10-31 11:00 307200 ----a-w- c:\windows\vidcap32.Exe
2010-12-31 17:53 . 2010-12-31 18:01 -------- d-----w- c:\windows\CatRoot
2010-12-31 17:53 . 2010-12-31 17:53 -------- d-----w- c:\program files (x86)\Vimicro
2010-12-31 17:53 . 2006-08-19 10:37 49152 ----a-w- c:\windows\ZSSnp211.exe
2010-12-31 17:53 . 2006-08-09 18:07 57344 ----a-w- c:\windows\Sti211.exe
2010-12-31 17:53 . 2006-08-09 16:38 102400 ----a-w- c:\windows\ZS211Cap.exe
2010-12-31 17:53 . 2006-08-09 16:37 81920 ----a-w- c:\windows\SysWow64\ZS211sti.dll
2010-12-31 17:53 . 2006-08-08 10:29 391836 ----a-w- c:\windows\SysWow64\drivers\ZS211.sys
2010-12-31 17:53 . 2006-07-14 13:36 172115 ----a-w- c:\windows\SysWow64\ZS211Prp.Ax
2010-12-31 17:53 . 2002-08-02 02:10 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2010-12-31 17:45 . 2007-02-10 14:40 20480 ----a-w- c:\windows\FixCamera.exe
2010-12-31 17:45 . 2006-03-14 13:28 172032 ----a-w- c:\windows\amcap.exe
2010-12-31 17:45 . 2010-12-31 17:45 -------- d-----w- c:\program files (x86)\Common Files\snp325
2010-12-31 17:45 . 2006-10-10 14:49 270336 ----a-w- c:\windows\tsnp325.exe
2010-12-31 17:45 . 2006-10-10 13:11 827392 ----a-w- c:\windows\vsnp325.exe
2010-12-31 17:45 . 2006-08-28 10:53 57344 ----a-w- c:\windows\SysWow64\vsnp325.dll
2010-12-31 17:45 . 2006-04-12 11:11 147456 ----a-w- c:\windows\SysWow64\rsnp325.dll
2010-12-31 17:45 . 2005-11-23 12:55 53248 ----a-w- c:\windows\SysWow64\csnp325.dll
2010-12-31 17:45 . 2010-12-31 17:45 -------- d-----w- c:\users\Tiger\AppData\Roaming\InstallShield
2010-12-31 17:36 . 2005-04-30 17:46 39776 ----a-w- c:\windows\SysWow64\drivers\STREAM.SYS
2010-12-31 17:36 . 2002-07-25 16:06 282624 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2010-12-26 18:53 . 2010-12-26 18:53 -------- d-----w- c:\users\Tiger\AppData\Local\Activision
2010-12-26 18:47 . 2010-12-26 18:47 -------- d-----w- c:\program files (x86)\Activision
2010-12-23 18:48 . 2010-12-23 18:48 -------- d-----w- c:\program files (x86)\Valvesoftware
2010-12-23 14:17 . 2010-12-23 14:17 -------- d-----w- C:\SAVE
2010-12-19 20:08 . 2010-12-28 12:13 -------- d-----w- C:\Sierra
2010-12-17 14:47 . 2010-12-17 14:47 -------- d-----w- c:\users\Tiger\AppData\Roaming\VitySoft
2010-12-17 14:47 . 2010-12-17 14:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-17 14:47 . 2010-12-17 14:47 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-17 14:47 . 2010-12-17 14:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-17 14:47 . 2010-12-17 14:47 -------- d-----w- c:\program files (x86)\Java
2010-12-14 20:29 . 2010-12-14 20:29 -------- d-----w- c:\programdata\ATI
2010-12-14 20:29 . 2010-12-14 20:29 -------- d-----w- c:\program files (x86)\ATI Stream

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-09_08.11.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-01-10 14:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-09 08:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-09 08:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-10 14:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-10 14:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-09 08:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:10 . 2011-01-09 07:54 32650 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-10 14:34 32650 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-21 13:28 . 2011-01-10 14:34 13080 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2413776954-1687531260-120061480-1000_UserData.bin
- 2010-03-21 13:28 . 2011-01-09 08:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-21 13:28 . 2011-01-10 14:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-21 13:28 . 2011-01-10 14:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-21 13:28 . 2011-01-09 08:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-09 07:52 . 2011-01-09 07:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-10 14:32 . 2011-01-10 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-09 07:52 . 2011-01-09 07:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-10 14:32 . 2011-01-10 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-22 15:00 . 2011-01-09 19:06 533110 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-01-09 07:56 627482 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-01-10 14:37 627482 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-01-09 07:56 111060 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-01-10 14:37 111060 c:\windows\system32\perfc009.dat
- 2009-07-14 02:34 . 2011-01-08 13:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-01-10 14:46 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 741376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-08 281768]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-12 36328]
R3 cpuz130;cpuz130;c:\users\Tiger\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-02-04 20568]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-01-27 10526080]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-12 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-12 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-12 159208]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
R3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\NTACCESS.SYS [2008-04-14 17920]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 22568]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-21 834544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-08 135336]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-30 20968]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-05 151552]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-04-09 24635]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-09-30 1403200]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 73728]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 178688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-22 8116256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\users\Tiger\AppData\Roaming\Mozilla\Firefox\Profiles\isqfaq8q.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-10 16:07:31
ComboFix-quarantined-files.txt 2011-01-10 15:07
ComboFix2.txt 2011-01-09 08:13

Pre-Run: 142 907 670 528 bytes free
Post-Run: 142 850 613 248 bytes free

- - End Of File - - 455E1AEF6E96E0A8259B0D323FC26CE8

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Pak dej vědět jaký je stav PC.

[Tiger1403]

Vsetko je ok, uz sa mi to viac nestalo, dakujem vam.

[Roli]

Není zač.