Pomalé načítaní stránek

[jmenujisepetr]

Dobrý před nějakou dobou mně začali strašně pomalu načítat stránky nevím, čím to je ale na O2 technické lince mi řekli, že je chyba v mém počítači. Jinak na druhém notebooku i počítači šel internet normálně. prosím o kontrolu logu




ComboFix 12-03-17.01 - MASTER 20.03.2012 16:52:41.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8172.5606 [GMT 1:00]
Spuštěný z: c:\users\MASTER\Desktop\ComboFixx.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-20 do 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 15:55 . 2012-03-20 15:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-20 15:55 . 2012-03-20 15:55 -------- d-----w- c:\users\mamka\AppData\Local\temp
2012-03-20 15:55 . 2012-03-20 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 14:33 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{870E2C4F-438C-418E-AEF4-971A688DD2F8}\mpengine.dll
2012-03-19 21:09 . 2012-03-19 22:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-19 21:09 . 2012-03-19 21:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-19 19:45 . 2012-03-19 19:46 -------- d-----w- c:\programdata\ConMet
2012-03-19 19:45 . 2012-03-19 19:45 -------- d-----w- c:\users\MASTER\AppData\Roaming\ConMet
2012-03-19 18:57 . 2012-03-19 18:57 -------- d-----w- c:\users\MASTER\AppData\Local\Mumble
2012-03-19 15:13 . 2012-03-19 15:14 -------- d-----w- C:\rsit
2012-03-19 15:13 . 2012-03-19 15:13 -------- d-----w- c:\program files\trend micro
2012-03-18 22:40 . 2012-03-18 22:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-16 23:15 . 2012-03-16 23:15 143360 ----a-w- c:\windows\SysWow64\UAService7.exe
2012-03-15 22:11 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 22:11 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 22:11 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-15 22:07 . 2012-03-15 22:07 -------- d-----w- c:\users\UpdatusUser
2012-03-15 22:06 . 2012-02-29 20:59 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-03-15 20:29 . 2012-03-15 20:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-15 20:19 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 20:19 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 20:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-15 20:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-15 20:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-15 20:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-15 20:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-15 20:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-15 20:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 20:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-05 17:14 . 2012-03-05 17:14 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-29 12:26 . 2012-02-29 12:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-28 17:57 . 2012-02-28 17:57 -------- d-----w- c:\users\MASTER\AppData\Local\Activision
2012-02-24 22:57 . 2012-02-24 22:57 -------- d-----w- c:\users\MASTER\AppData\Roaming\SPORE
2012-02-23 22:58 . 2004-03-08 22:00 124688 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
2012-02-23 22:58 . 2004-03-08 22:00 212240 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
2012-02-23 22:58 . 2003-07-06 12:07 372736 ----a-w- c:\windows\SysWow64\IJL_11.DLL
2012-02-23 17:13 . 2012-02-23 17:13 -------- d-sh--w- c:\windows\ftpcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 15:06 . 2011-08-16 09:58 197112 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-16 15:06 . 2011-08-18 19:43 345080 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-16 15:06 . 2011-08-16 09:58 345080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-08-18 19:43 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um_evolve.dll
2012-03-01 00:02 . 2011-08-18 19:43 25543488 ----a-w- c:\windows\system32\nvoglv64_evolve.dll
2012-03-01 00:02 . 2011-08-18 19:43 19444544 ----a-w- c:\windows\SysWow64\nvoglv32_evolve.dll
2012-03-01 00:02 . 2011-08-18 19:43 17642816 ----a-w- c:\windows\system32\nvd3dumx_evolve.dll
2012-03-01 00:02 . 2011-08-18 19:43 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-08-18 19:43 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-08-16 09:58 9717568 ----a-w- c:\windows\system32\nvwgf2umx_evolve.dll
2012-03-01 00:02 . 2011-08-16 09:58 15009600 ----a-w- c:\windows\SysWow64\nvd3dum_evolve.dll
2012-03-01 00:02 . 2011-08-16 09:57 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-08-16 09:57 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-29 21:00 . 2011-01-07 18:49 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-01-07 18:50 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-01-07 18:49 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2011-01-07 18:49 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-01-07 18:49 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2011-01-07 18:49 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-23 08:18 . 2011-08-17 08:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 17:57 . 2012-02-16 17:57 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-02-12 11:20 . 2011-08-30 13:30 314360 ----a-w- c:\windows\system32\EvoDisplayHelper.dll
2012-02-12 11:20 . 2011-08-30 13:30 197112 ----a-w- c:\windows\SysWow64\EvoDisplayHelper.dll
2012-01-28 11:52 . 2011-08-18 05:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-15 15:23 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 15:23 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 15:22 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 15:22 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 15:22 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-25 14:34 . 2011-12-25 14:34 65536 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut5_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-12-25 14:34 . 2011-12-25 14:34 65536 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut4_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-12-25 14:34 . 2011-12-25 14:34 65536 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut3_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-12-25 14:34 . 2011-12-25 14:34 65536 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut2_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-12-25 14:31 . 2011-12-25 14:31 3584 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-18_21.37.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-19 17:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-15 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-15 20:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-19 17:45 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-19 17:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-15 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-16 09:47 . 2012-03-20 14:34 42080 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-20 14:34 29170 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-15 20:21 . 2012-03-20 14:34 11052 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-99504729-2130033436-3414475424-1000_UserData.bin
+ 2011-08-15 20:17 . 2012-03-20 14:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-15 20:17 . 2012-03-06 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-15 20:17 . 2012-03-06 14:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-20 14:54 . 2012-03-20 14:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 14:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-18 19:45 . 2012-03-19 20:48 11222 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\qwavecache.dat
+ 2011-08-18 17:35 . 2012-03-19 14:41 9560 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_48.bin
- 2011-08-18 17:35 . 2012-02-16 16:42 9560 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_48.bin
+ 2011-08-18 17:35 . 2012-03-19 14:41 4280 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_32.bin
- 2011-08-18 17:35 . 2012-02-16 16:42 4280 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_32.bin
- 2011-08-18 17:35 . 2012-02-16 16:42 2456 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_24.bin
+ 2011-08-18 17:35 . 2012-03-19 14:41 2456 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_24.bin
+ 2011-11-27 14:50 . 2012-03-19 14:43 9560 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_48.bin
- 2011-11-27 14:50 . 2011-11-27 14:50 9560 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_48.bin
+ 2011-11-27 14:50 . 2012-03-19 14:43 4280 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_32.bin
- 2011-11-27 14:50 . 2011-11-27 14:50 4280 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_32.bin
- 2011-11-27 14:50 . 2011-11-27 14:50 2456 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_24.bin
+ 2011-11-27 14:50 . 2012-03-19 14:43 2456 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_24.bin
- 2012-03-18 21:36 . 2012-03-18 21:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 15:55 . 2012-03-20 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 15:55 . 2012-03-20 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-18 21:36 . 2012-03-18 21:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-18 07:15 . 2010-03-18 07:15 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 421200 c:\windows\SysWOW64\msvcp100.dll
- 2010-03-18 07:15 . 2010-03-18 07:15 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-08-16 12:13 . 2012-03-19 15:58 303674 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:12 . 2012-03-20 14:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2012-03-19 13:53 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-03-20 15:55 395268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-18 21:35 395268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-16 05:18 . 2012-03-20 15:55 5265304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-16 05:18 . 2012-03-18 21:35 5265304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-16 04:40 . 2012-03-19 20:48 8770868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-99504729-2130033436-3414475424-1000-8192.dat
+ 2011-08-16 05:12 . 2012-03-20 15:55 9480158 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-99504729-2130033436-3414475424-1000-12288.dat
+ 2012-03-19 19:03 . 2012-03-19 19:03 17904640 c:\windows\Installer\3d295.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-26 16:23 1493160 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2009-12-22 2647040]
"Steam"="d:\steam\Steam.exe" [2011-12-14 1242448]
"EvolveClient"="c:\program files\Echobit\Evolve\EvolveClient.exe" [2012-02-22 1735672]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-22 740216]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 GGSAFERDriver;GGSAFER Driver;c:\users\MASTER\Garena Classic\safedrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe [2012-02-22 1459192]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-08-10 190336]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [x]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [x]
S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.bigseekpro.com/bsprpc/{54AF5073-C9D ... 3D3AA7CF2B}
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-QipGuard - c:\users\MASTER\AppData\Roaming\QipGuard\QipGuard.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-99504729-2130033436-3414475424-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c3,9c,dd,1d,8f,4b,f0,0e,c7,af,79,b3,89,9c,77,35,cc,47,7b,46,7e,d1,7a,
a5,4e,87,d3,36,f8,19,be,c4,d4,54,fb,97,ae,3d,25,71,d1,1f,d2,92,8b,13,8b,bc,\
"??"=hex:90,4c,53,40,5e,80,19,01,24,59,4b,71,fa,9f,60,c0
.
[HKEY_USERS\S-1-5-21-99504729-2130033436-3414475424-1000\Software\SecuROM\License information*]
"datasecu"=hex:5f,18,79,47,6b,39,cd,13,5c,c7,6c,fc,e5,70,f8,84,be,3a,ab,44,73,
6d,c4,7f,6b,8e,f4,ad,38,80,d4,70,85,d8,0c,bb,c3,a6,47,06,1e,18,b8,07,aa,d1,\
"rkeysecu"=hex:6b,3b,2e,1b,35,ba,64,a6,4e,81,14,c4,a9,8b,e2,db
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\UAService7.exe
c:\program files (x86)\Opera\opera.exe
.
**************************************************************************
.
Celkový čas: 2012-03-20 16:58:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-20 15:58
ComboFix2.txt 2012-03-19 20:51
ComboFix3.txt 2012-03-18 21:39
ComboFix4.txt 2012-02-12 12:44
.
Před spuštěním: Volných bajtů: 136 364 892 160
Po spuštění: Volných bajtů: 136 275 353 600
.
- - End Of File - - 625CF4FE68FD52262BCB9E2D4F2C8F8A

[jmenujisepetr]

přidávám ještě z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by MASTER at 2012-03-20 17:06:38
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 130 GB (65%) free of 200 GB
Total RAM: 8172 MB (76% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Echobit\Evolve\EvoSvc.exe" -service -logfile "C:\ProgramData\Echobit\Evolve\EvoSvc.log"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\QipGuard\QipGuard.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\UAService7.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1748
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Opera\opera.exe"
notepad.exe "C:\Users\MASTER\AppData\Local\Temp\log.txt"
C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe {9E1D92D9-A818-4668-8105-D9169295E2FC}
"C:\Users\MASTER\AppData\Local\Opera\Opera\temporary_downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - \bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\MASTER\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-12-13 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-07-26 1493160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2011-11-22 57224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files (x86)\BSP DB Toolbar\tbcore3.dll [2011-06-22 2398720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-01-20 1581376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-07-26 1493160]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-01-04 6602856]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2918656]
"THXCfg64"=C:\Windows\system32\THXCfg64.dll [2009-10-15 17920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"OscarEditor"=C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe [2009-12-22 2647040]
"Steam"=D:\steam\Steam.exe [2011-12-14 1242448]
"EvolveClient"=C:\Program Files\Echobit\Evolve\EvolveClient.exe [2012-02-22 1735672]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-02-22 740216]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2011-07-26 397992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2010\qip.exe [2011-08-10 6819712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\MASTER\AppData\Roaming\QipGuard\QipGuard.exe /p []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
D:\rgsc\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-02-22 740216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MASTER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~2\Hamachi\hamachi.exe [2011-11-27 624416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MASTER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~2\MICROS~1\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [2010-11-18 1351680]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-08-16 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-03-20 16:58:43 ----D---- C:\Windows\temp
2012-03-20 16:58:42 ----A---- C:\ComboFix.txt
2012-03-20 16:56:18 ----SHD---- C:\$RECYCLE.BIN
2012-03-19 22:22:20 ----A---- C:\TDSSKiller.2.7.20.0_19.03.2012_22.22.20_log.txt
2012-03-19 22:09:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-03-19 22:09:29 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-19 20:45:21 ----D---- C:\Users\MASTER\AppData\Roaming\ConMet
2012-03-19 20:45:21 ----D---- C:\ProgramData\ConMet
2012-03-19 16:13:55 ----D---- C:\rsit
2012-03-19 16:13:55 ----D---- C:\Program Files\trend micro
2012-03-18 23:40:52 ----D---- C:\TDSSKiller_Quarantine
2012-03-18 23:40:09 ----A---- C:\TDSSKiller.2.7.20.0_18.03.2012_23.40.09_log.txt
2012-03-18 22:31:56 ----A---- C:\Windows\zip.exe
2012-03-18 22:31:56 ----A---- C:\Windows\SWSC.exe
2012-03-18 22:31:56 ----A---- C:\Windows\SWREG.exe
2012-03-18 22:31:56 ----A---- C:\Windows\sed.exe
2012-03-18 22:31:56 ----A---- C:\Windows\PEV.exe
2012-03-18 22:31:56 ----A---- C:\Windows\NIRCMD.exe
2012-03-18 22:31:56 ----A---- C:\Windows\MBR.exe
2012-03-18 22:31:56 ----A---- C:\Windows\grep.exe
2012-03-17 00:15:13 ----A---- C:\Windows\SYSWOW64\UAService7.exe
2012-03-15 23:11:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-15 23:11:21 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-03-15 23:11:21 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-03-15 23:05:55 ----A---- C:\Windows\system32\nvhdap64.dll
2012-03-15 23:05:55 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2012-03-15 23:05:55 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-03-15 23:05:54 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\OpenCL.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\nvumdshimx.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\nvoglv64.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\nvinitx.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\nvdecodemft.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\nvcuvid.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\nvcuda.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\nvcompiler.dll
2012-03-15 23:05:54 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-03-15 21:19:48 ----A---- C:\Windows\system32\win32k.sys
2012-03-15 21:19:46 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-15 21:19:46 ----A---- C:\Windows\system32\DWrite.dll
2012-03-15 21:16:38 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-15 21:16:38 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-15 21:16:38 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-15 21:16:37 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-15 21:16:37 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-15 21:16:37 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-15 21:16:37 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-02-29 13:26:56 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2012-02-24 23:57:31 ----D---- C:\Users\MASTER\AppData\Roaming\SPORE
2012-02-24 00:10:56 ----A---- C:\Windows\system32\lg.dat
2012-02-23 23:58:44 ----AD---- C:\ProgramData\TEMP
2012-02-23 23:58:40 ----A---- C:\Windows\SYSWOW64\IJL_11.DLL
2012-02-23 18:13:05 ----SHD---- C:\Windows\ftpcache

======List of files/folders modified in the last 1 month======

2012-03-20 17:06:55 ----D---- C:\Users\MASTER\AppData\Roaming\uTorrent
2012-03-20 16:59:23 ----D---- C:\Windows\system32\config
2012-03-20 16:58:44 ----D---- C:\Windows\system32\drivers
2012-03-20 16:58:44 ----D---- C:\Qoobox
2012-03-20 16:58:43 ----D---- C:\Windows
2012-03-20 16:56:15 ----A---- C:\Windows\system.ini
2012-03-20 16:55:54 ----D---- C:\ProgramData\NVIDIA
2012-03-20 16:53:54 ----D---- C:\Windows\SYSWOW64\drivers
2012-03-20 16:53:54 ----D---- C:\Windows\SysWOW64
2012-03-20 16:53:54 ----D---- C:\Windows\System32
2012-03-20 16:53:54 ----D---- C:\Windows\AppPatch
2012-03-20 16:53:52 ----D---- C:\Program Files\Common Files
2012-03-20 16:53:52 ----D---- C:\Program Files (x86)\Common Files
2012-03-20 15:50:20 ----SHD---- C:\System Volume Information
2012-03-19 23:12:27 ----D---- C:\Windows\system32\drivers\etc
2012-03-19 22:20:27 ----RD---- C:\Program Files (x86)
2012-03-19 22:20:27 ----RD---- C:\Program Files
2012-03-19 22:09:29 ----D---- C:\ProgramData
2012-03-19 21:54:30 ----D---- C:\Program Files (x86)\Opera
2012-03-19 21:45:26 ----D---- C:\Users\MASTER\AppData\Roaming\Mumble
2012-03-19 20:06:47 ----D---- C:\Windows\system32\NDF
2012-03-19 20:04:12 ----SHD---- C:\Windows\Installer
2012-03-19 20:04:09 ----D---- C:\Program Files (x86)\Mumble
2012-03-19 15:46:03 ----D---- C:\Users\MASTER\AppData\Roaming\Hamachi
2012-03-19 15:23:46 ----D---- C:\Users\MASTER\AppData\Roaming\Skype
2012-03-19 15:20:21 ----D---- C:\Users\MASTER\AppData\Roaming\DAEMON Tools Lite
2012-03-19 14:51:10 ----D---- C:\Windows\system32\catroot2
2012-03-18 22:31:53 ----D---- C:\Windows\Prefetch
2012-03-18 21:22:09 ----D---- C:\Users\MASTER\AppData\Roaming\Media Player Classic
2012-03-18 21:15:09 ----D---- C:\Windows\debug
2012-03-16 16:06:54 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2012-03-16 16:06:53 ----A---- C:\Windows\system32\nvwgf2umx.dll
2012-03-16 16:06:53 ----A---- C:\Windows\system32\nvd3dumx.dll
2012-03-16 15:51:00 ----D---- C:\Windows\winsxs
2012-03-15 23:11:24 ----D---- C:\Windows\system32\catroot
2012-03-15 23:10:24 ----A---- C:\Windows\system32\MRT.exe
2012-03-15 23:10:12 ----D---- C:\ProgramData\Microsoft Help
2012-03-15 23:07:30 ----RD---- C:\Users
2012-03-15 23:07:29 ----D---- C:\Program Files\NVIDIA Corporation
2012-03-15 23:07:29 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-03-15 23:07:24 ----D---- C:\Windows\system32\DriverStore
2012-03-15 23:07:24 ----D---- C:\Windows\inf
2012-03-15 23:06:26 ----D---- C:\NVIDIA
2012-03-15 21:29:06 ----RD---- C:\Program Files (x86)\Skype
2012-03-15 21:29:04 ----D---- C:\ProgramData\Skype
2012-03-15 21:18:26 ----D---- C:\Users\MASTER\AppData\Roaming\TS3Client
2012-03-08 15:40:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-01 01:02:00 ----A---- C:\Windows\SYSWOW64\nvwgf2um_evolve.dll
2012-03-01 01:02:00 ----A---- C:\Windows\SYSWOW64\nvoglv32_evolve.dll
2012-03-01 01:02:00 ----A---- C:\Windows\SYSWOW64\nvd3dum_evolve.dll
2012-03-01 01:02:00 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2012-03-01 01:02:00 ----A---- C:\Windows\system32\nvwgf2umx_evolve.dll
2012-03-01 01:02:00 ----A---- C:\Windows\system32\nvoglv64_evolve.dll
2012-03-01 01:02:00 ----A---- C:\Windows\system32\nvgenco64.dll
2012-03-01 01:02:00 ----A---- C:\Windows\system32\nvdispco64.dll
2012-03-01 01:02:00 ----A---- C:\Windows\system32\nvd3dumx_evolve.dll
2012-03-01 01:02:00 ----A---- C:\Windows\system32\nvapi64.dll
2012-02-29 22:00:22 ----A---- C:\Windows\system32\nvsvc64.dll
2012-02-29 22:00:09 ----A---- C:\Windows\system32\nvcpl.dll
2012-02-29 21:59:47 ----A---- C:\Windows\system32\nvvsvc.exe
2012-02-29 21:59:47 ----A---- C:\Windows\system32\nvsvcr.dll
2012-02-29 21:59:47 ----A---- C:\Windows\system32\nvshext.dll
2012-02-29 21:59:47 ----A---- C:\Windows\system32\nvmctray.dll
2012-02-28 18:57:09 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-02-24 00:04:28 ----HD---- C:\Program Files (x86)\Rlhfxtmjkuokia
2012-02-23 10:17:41 ----D---- C:\Program Files (x86)\uTorrent
2012-02-23 09:18:36 ----N---- C:\Windows\system32\MpSigStub.exe
2012-02-22 11:23:00 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-18 254528]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 170640]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 34144]
R3 EvoKbFilter;Evolve Keyboard Filter Driver; C:\Windows\System32\Drivers\EvoKbFilter.sys [2011-08-30 27800]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver; C:\Windows\system32\DRIVERS\evolve.sys [2010-08-07 21656]
R3 EvoMouFilter;Evolve Mouse Filter Driver; C:\Windows\System32\Drivers\EvoMouFilter.sys [2011-08-30 24216]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-11-27 33344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-01-04 2697448]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Users\MASTER\Garena Classic\safedrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
R2 EvoSvc;Evolve Service; C:\Program Files\Echobit\Evolve\EvoSvc.exe [2012-02-22 1459192]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-08-24 66872]
R2 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2011-08-10 190336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
R2 UserAccess7;SecuROM User Access Service (V7); C:\Windows\syswow64\UAService7.exe [2012-03-17 143360]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 42360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-16 489256]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-17 1255736]

-----------------EOF-----------------

[Rudy]

Zdravím!
Je nesmysl, dělat log RSIT po skenu CF, který smaže věechny stopy po virech. Navíc dělat sken CF bez předchozí kontroly logu RSIT je koledování si o shození systému.

K věci: Tento soubor: c:\windows\SysWow64\IJL_11.DLL otestujte online na www.virustotal.com . Výsledek oznamte.

[jmenujisepetr]

aha to jsem nevěděl. Jinak na té stránce, myslím že to nic nenašlo. http://imageshack.us/photo/my-images/856/viro.png/

[Rudy]

Ano, ten soubor je v pořádku. Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files (x86)\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Regnull::
[HKEY_USERS\S-1-5-21-99504729-2130033436-3414475424-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-99504729-2130033436-3414475424-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[jmenujisepetr]

takže udělal jsem to. Internet nevím jestli se zlepšil některé stránky to načte, některé pořád ne nebo strašně pomalu. posílam log:


ComboFix 12-03-17.01 - MASTER 20.03.2012 20:20:25.5.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8172.6570 [GMT 1:00]
Spuštěný z: c:\users\MASTER\Desktop\ComboFixx.exe
Použité ovládací přepínače :: c:\users\MASTER\Desktop\CFScript.txt.txt
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_4d1.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-20 do 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 19:22 . 2012-03-20 19:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-20 19:22 . 2012-03-20 19:22 -------- d-----w- c:\users\mamka\AppData\Local\temp
2012-03-20 19:22 . 2012-03-20 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 14:33 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{870E2C4F-438C-418E-AEF4-971A688DD2F8}\mpengine.dll
2012-03-19 21:09 . 2012-03-19 22:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-19 21:09 . 2012-03-19 21:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-19 19:45 . 2012-03-19 19:46 -------- d-----w- c:\programdata\ConMet
2012-03-19 19:45 . 2012-03-19 19:45 -------- d-----w- c:\users\MASTER\AppData\Roaming\ConMet
2012-03-19 18:57 . 2012-03-19 18:57 -------- d-----w- c:\users\MASTER\AppData\Local\Mumble
2012-03-19 15:13 . 2012-03-19 15:14 -------- d-----w- C:\rsit
2012-03-19 15:13 . 2012-03-19 15:13 -------- d-----w- c:\program files\trend micro
2012-03-18 22:40 . 2012-03-18 22:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-16 23:15 . 2012-03-16 23:15 143360 ----a-w- c:\windows\SysWow64\UAService7.exe
2012-03-15 22:11 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 22:11 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 22:11 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-15 22:07 . 2012-03-15 22:07 -------- d-----w- c:\users\UpdatusUser
2012-03-15 22:06 . 2012-02-29 20:59 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-03-15 20:29 . 2012-03-15 20:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-15 20:19 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 20:19 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 20:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-15 20:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-15 20:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-15 20:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-15 20:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-15 20:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-15 20:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 20:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-05 17:14 . 2012-03-05 17:14 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-29 12:26 . 2012-02-29 12:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-28 17:57 . 2012-02-28 17:57 -------- d-----w- c:\users\MASTER\AppData\Local\Activision
2012-02-24 22:57 . 2012-02-24 22:57 -------- d-----w- c:\users\MASTER\AppData\Roaming\SPORE
2012-02-23 22:58 . 2004-03-08 22:00 124688 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
2012-02-23 22:58 . 2004-03-08 22:00 212240 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
2012-02-23 22:58 . 2003-07-06 12:07 372736 ----a-w- c:\windows\SysWow64\IJL_11.DLL
2012-02-23 17:13 . 2012-02-23 17:13 -------- d-sh--w- c:\windows\ftpcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 15:06 . 2011-08-16 09:58 197112 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-16 15:06 . 2011-08-18 19:43 345080 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-16 15:06 . 2011-08-16 09:58 345080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-08-18 19:43 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um_evolve.dll
2012-03-01 00:02 . 2011-08-18 19:43 25543488 ----a-w- c:\windows\system32\nvoglv64_evolve.dll
2012-03-01 00:02 . 2011-08-18 19:43 19444544 ----a-w- c:\windows\SysWow64\nvoglv32_evolve.dll
2012-03-01 00:02 . 2011-08-18 19:43 17642816 ----a-w- c:\windows\system32\nvd3dumx_evolve.dll
2012-03-01 00:02 . 2011-08-18 19:43 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-08-18 19:43 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-08-16 09:58 9717568 ----a-w- c:\windows\system32\nvwgf2umx_evolve.dll
2012-03-01 00:02 . 2011-08-16 09:58 15009600 ----a-w- c:\windows\SysWow64\nvd3dum_evolve.dll
2012-03-01 00:02 . 2011-08-16 09:57 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-08-16 09:57 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-29 21:00 . 2011-01-07 18:49 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-01-07 18:50 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-01-07 18:49 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2011-01-07 18:49 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-01-07 18:49 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2011-01-07 18:49 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-23 08:18 . 2011-08-17 08:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 17:57 . 2012-02-16 17:57 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-02-12 11:20 . 2011-08-30 13:30 314360 ----a-w- c:\windows\system32\EvoDisplayHelper.dll
2012-02-12 11:20 . 2011-08-30 13:30 197112 ----a-w- c:\windows\SysWow64\EvoDisplayHelper.dll
2012-01-28 11:52 . 2011-08-18 05:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-15 15:23 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 15:23 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 15:22 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 15:22 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 15:22 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-25 14:34 . 2011-12-25 14:34 65536 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut5_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-12-25 14:34 . 2011-12-25 14:34 65536 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut4_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-12-25 14:34 . 2011-12-25 14:34 65536 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut3_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-12-25 14:34 . 2011-12-25 14:34 65536 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut2_0CE1A6C0F3F749E68F9D2431F9827441.exe
2011-12-25 14:31 . 2011-12-25 14:31 3584 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-18_21.37.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-19 17:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-15 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-15 20:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-19 17:45 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-19 17:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-15 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-16 09:47 . 2012-03-20 15:57 42112 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-20 15:57 29170 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-15 20:21 . 2012-03-20 15:57 11120 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-99504729-2130033436-3414475424-1000_UserData.bin
+ 2011-08-15 20:17 . 2012-03-20 14:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-15 20:17 . 2012-03-06 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-15 20:17 . 2012-03-06 14:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-20 14:54 . 2012-03-20 14:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 14:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-18 19:45 . 2012-03-19 20:48 11222 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\qwavecache.dat
+ 2011-08-18 17:35 . 2012-03-19 14:41 9560 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_48.bin
- 2011-08-18 17:35 . 2012-02-16 16:42 9560 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_48.bin
+ 2011-08-18 17:35 . 2012-03-19 14:41 4280 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_32.bin
- 2011-08-18 17:35 . 2012-02-16 16:42 4280 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_32.bin
- 2011-08-18 17:35 . 2012-02-16 16:42 2456 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_24.bin
+ 2011-08-18 17:35 . 2012-03-19 14:41 2456 c:\windows\system32\NetworkList\Icons\{CD035DDF-3555-4815-A791-1ACB7D64D37E}_24.bin
+ 2011-11-27 14:50 . 2012-03-19 14:43 9560 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_48.bin
- 2011-11-27 14:50 . 2011-11-27 14:50 9560 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_48.bin
+ 2011-11-27 14:50 . 2012-03-19 14:43 4280 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_32.bin
- 2011-11-27 14:50 . 2011-11-27 14:50 4280 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_32.bin
- 2011-11-27 14:50 . 2011-11-27 14:50 2456 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_24.bin
+ 2011-11-27 14:50 . 2012-03-19 14:43 2456 c:\windows\system32\NetworkList\Icons\{BE99F217-CA18-4083-A765-2C9822B4C04B}_24.bin
- 2012-03-18 21:36 . 2012-03-18 21:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 19:23 . 2012-03-20 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 19:23 . 2012-03-20 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-18 21:36 . 2012-03-18 21:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-18 07:15 . 2010-03-18 07:15 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15 421200 c:\windows\SysWOW64\msvcp100.dll
- 2010-03-18 07:15 . 2010-03-18 07:15 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-08-16 12:13 . 2012-03-20 19:17 304608 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:12 . 2012-03-20 14:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2012-03-19 13:53 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-03-20 19:23 395268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-18 21:35 395268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-16 05:18 . 2012-03-20 19:23 5265304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-16 05:18 . 2012-03-18 21:35 5265304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-16 04:40 . 2012-03-19 20:48 8770868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-99504729-2130033436-3414475424-1000-8192.dat
+ 2011-08-16 05:12 . 2012-03-20 19:23 9907400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-99504729-2130033436-3414475424-1000-12288.dat
+ 2012-03-19 19:03 . 2012-03-19 19:03 17904640 c:\windows\Installer\3d295.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2009-12-22 2647040]
"Steam"="d:\steam\Steam.exe" [2011-12-14 1242448]
"EvolveClient"="c:\program files\Echobit\Evolve\EvolveClient.exe" [2012-02-22 1735672]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-22 740216]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 GGSAFERDriver;GGSAFER Driver;c:\users\MASTER\Garena Classic\safedrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe [2012-02-22 1459192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-08-10 190336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [x]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [x]
S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.bigseekpro.com/bsprpc/{54AF5073-C9D ... 3D3AA7CF2B}
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\UAService7.exe
c:\program files (x86)\Opera\opera.exe
.
**************************************************************************
.
Celkový čas: 2012-03-20 20:26:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-20 19:26
ComboFix2.txt 2012-03-20 15:58
ComboFix3.txt 2012-03-19 20:51
ComboFix4.txt 2012-03-18 21:39
ComboFix5.txt 2012-03-20 19:19
.
Před spuštěním: Volných bajtů: 135 812 255 744
Po spuštění: Volných bajtů: 135 728 648 192
.
- - End Of File - - 305447CDA008695F5397A4F4E3A99193

[Rudy]

Smazáno. Zkuste ještě Startmenu>přík. řádek>(napsat) netsh winsock reset>Enter. Restartujte PC. Příkaz resetuje TCP/IP protokol.

[jmenujisepetr]

udělal jsem ale pořád se to načítá strašně pomalu

[Rudy]

Zkuste přeinstalovat ovladač síť. karty.

[jmenujisepetr]

Našel jsem ve správci zařízení realtek pcie family controller doufám že je to ono. nemohl jsem najít nikde reinstall tak jsem dal update něco to stáhlo nainstalovalo ale stálě se nic nezměnilo... Mám jít normálně na google a vygooglit ho a celý reinstall?

[Rudy]

Mám jít normálně na google a vygooglit ho a celý reinstall?

Ano tak. Měl byste ho ale mít na CD, které jste obdržel k hardwaru.

[jmenujisepetr]

přeinstalováno(z cd) ale pořád se nic neděje nejvíc mě na tom štve to že stahování mám normální kolem 1500 - 1800kb/s ale stránky jak jsem už psal některé se načtou(uplně,neúplně) některé vůbec a některé až po minutě a dýl

[Rudy]

Řekněte mi nějakou konkrétní stránku, která se vám nenačte.

[jmenujisepetr]

http://pt.musicplayon.com/play?v=135309 ... udioOnly=N - tady se mi nenačte vůbec ten přehrávač jenom ty reklamy a steve aoki + titulky
http://slovnik.cz/ - ten se mi pořád načíta.
http://www.novinky.cz/domaci/262585-min ... zpravy-dne - ty se mi taky pořád načíjí ale jsou už jakdyby zobrazené


všechny se načou celé zhruba po minutě

[jmenujisepetr]

a musím používat operu turbo abych některé stránky vůbec zobrazil