Hello, lately Mozilla and Skype keep freezing on me: after a page loads it always hangs and stops responding, the same goes for Skype, and sometimes when I open Computer my drives are not shown.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:33:48, on 7.3.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\ShutterCZE\Desktop\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://www.battlefieldheroes.com/static ... .127.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEA89BBA-8318-44B4-A04E-7760AD9CC305}: NameServer = 82.144.128.1,82.144.129.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8055 bytes
Please check my log (Solved)
- shutterCZE
- Žbeky
Re: Please check my log
Fix these:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://www.battlefieldheroes.com/static ... .127.0.cab
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the scan has finished a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In PMs I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
- shutterCZE
Re: Please check my log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Verze databáze: v2012.03.08.03
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ShutterCZE :: Matěj-PC [administrátor]
8.3.2012 7:47:45
mbam-log-2012-03-08 (07-47-45).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 225724
Uplynulý čas: 7 minut, 19 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
- Žbeky
Re: Please check my log
Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
- shutterCZE
Re: Please check my log
ComboFix 12-03-07.05 - ShutterCZE 08.03.2012 10:38:58.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2046.1017 [GMT 1:00]
Spuštěný z: c:\users\ShutterCZE\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0405.exe
c:\windows\SysWow64\tmp58EF.tmp
c:\windows\SysWow64\tmp590F.tmp
c:\windows\SysWow64\tmp6DD8.tmp
c:\windows\SysWow64\tmp6E55.tmp
c:\windows\SysWow64\tmpE54F.tmp
c:\windows\SysWow64\tmpE59E.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-08 do 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 10:18 . 2012-03-08 10:18 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-08 10:18 . 2012-03-08 10:18 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-03-08 10:18 . 2012-03-08 10:18 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-03-08 10:18 . 2012-03-08 10:18 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-08 10:18 . 2012-03-08 10:18 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-03-08 10:15 . 2012-03-08 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 06:46 . 2012-03-08 06:46 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 06:46 . 2012-03-08 06:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 06:46 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 21:15 . 2012-03-07 21:17 -------- d-----w- c:\program files (x86)\Google
2012-03-07 21:15 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-07 21:15 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 21:15 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 21:15 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 21:15 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 21:15 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 21:15 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 21:13 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 21:13 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 21:13 . 2012-03-07 21:13 -------- d-----w- c:\programdata\AVAST Software
2012-03-07 21:13 . 2012-03-07 21:13 -------- d-----w- c:\program files\AVAST Software
2012-03-07 16:25 . 2012-03-07 16:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-07 16:25 . 2012-03-07 16:25 -------- d-----r- c:\program files (x86)\Skype
2012-03-07 16:15 . 2012-03-07 16:16 -------- d-----w- c:\users\Shutter
2012-03-06 18:34 . 2011-12-19 13:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-03-05 12:16 . 2009-07-13 18:04 839680 ----a-w- c:\windows\SysWow64\mkl_vml_p4.dll
2012-03-05 12:16 . 2009-07-13 18:04 532480 ----a-w- c:\windows\SysWow64\mkl_vml_p3.dll
2012-03-05 12:16 . 2009-07-13 18:04 512000 ----a-w- c:\windows\SysWow64\mkl_vml_def.dll
2012-03-05 12:16 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\SysWow64\mkl_p4.dll
2012-03-05 12:16 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\SysWow64\mkl_p3.dll
2012-03-05 12:16 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\SysWow64\mkl_def.dll
2012-03-05 12:16 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\SysWow64\mkl_lapack32.dll
2012-03-05 12:16 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\SysWow64\mkl_lapack64.dll
2012-03-05 12:16 . 2009-07-13 18:04 184320 ----a-w- c:\windows\SysWow64\libguide40.dll
2012-03-04 19:11 . 2012-03-04 19:11 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-03-04 15:13 . 2012-03-04 15:20 -------- d-----w- C:\Dev-Cpp
2012-03-01 19:57 . 2012-03-01 19:57 -------- d-----w- c:\programdata\Apache
2012-02-29 14:31 . 2012-02-29 14:31 -------- d-----w- c:\programdata\ATI
2012-02-29 14:30 . 2012-02-29 14:30 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-29 14:29 . 2012-02-29 14:29 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-29 14:29 . 2012-02-29 14:29 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-02-29 14:29 . 2012-02-29 14:29 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-02-29 14:26 . 2012-02-29 14:26 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-02-29 14:26 . 2012-02-29 14:26 -------- d-----w- c:\program files\ATI
2012-02-29 14:26 . 2012-02-29 14:28 -------- d-----w- c:\program files\ATI Technologies
2012-02-29 14:25 . 2012-02-29 14:25 -------- d-----w- C:\AMD
2012-02-29 13:59 . 2012-02-29 13:59 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-02-29 12:33 . 2012-02-29 12:33 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-02-25 14:40 . 2012-02-25 14:40 -------- d-----w- c:\windows\Ubisoft
2012-02-25 14:38 . 2012-02-25 14:38 -------- d-----w- c:\program files (x86)\directx
2012-02-21 13:58 . 2011-05-06 12:40 1302528 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-02-21 13:58 . 2010-09-22 13:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2012-02-21 13:58 . 2012-03-05 12:16 -------- d-----w- c:\program files (x86)\BRS
2012-02-19 10:20 . 2012-02-19 10:20 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-02-18 16:34 . 2012-02-18 16:35 -------- d-----w- c:\program files (x86)\Driver Sweeper
2012-02-15 18:18 . 2009-07-21 21:03 294400 ----a-w- c:\windows\system32\FMAPO64.dll
2012-02-15 18:18 . 2009-04-16 09:13 166400 ----a-w- c:\windows\system32\AERTAC64.dll
2012-02-15 18:18 . 2009-03-31 13:02 108032 ----a-w- c:\windows\system32\AERTAR64.dll
2012-02-15 18:18 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-15 18:07 . 2012-02-15 18:20 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-02-15 18:05 . 2011-08-05 17:29 439808 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2012-02-15 17:52 . 2012-02-15 17:52 -------- d-----w- c:\program files (x86)\Realtek
2012-02-15 06:35 . 2012-02-15 06:36 -------- d-----w- c:\users\Guest
2012-02-14 19:15 . 2012-02-24 18:32 -------- d-----w- c:\programdata\EA Logs
2012-02-14 15:21 . 2012-02-14 19:15 -------- d-----w- c:\programdata\Origin
2012-02-13 16:59 . 2012-02-13 16:59 -------- d-----w- c:\programdata\Futuremark
2012-02-13 15:52 . 2012-03-05 12:16 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-13 15:38 . 2004-10-25 19:02 21664 ----a-w- c:\windows\SysWow64\drivers\Entech.sys
2012-02-13 15:38 . 2004-06-22 14:44 5632 ----a-w- c:\windows\SysWow64\drivers\Entech64.sys
2012-02-13 15:38 . 2001-11-19 18:05 3972 ----a-w- c:\windows\SysWow64\drivers\PciBus.sys
2012-02-13 15:38 . 2012-02-13 15:38 -------- d-----w- c:\windows\SysWow64\Futuremark
2012-02-11 19:14 . 2012-02-11 19:14 -------- d-----w- c:\program files\CPUID
2012-02-11 19:14 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-02-11 14:26 . 2012-02-13 16:54 -------- d-----w- c:\program files (x86)\Futuremark
2012-02-11 06:54 . 2012-02-20 17:37 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-02-11 06:54 . 2007-10-16 15:15 36416 ----a-w- c:\windows\ET5Drv.sys
2012-02-11 06:49 . 2012-02-11 08:55 -------- d-----w- c:\program files (x86)\GIGABYTE
2012-02-11 06:48 . 2012-02-11 06:49 25640 ----a-w- c:\windows\gdrv.sys
2012-02-10 15:24 . 2012-02-10 15:24 -------- d-----w- c:\program files\DIFX
2012-02-10 15:24 . 2012-02-29 14:05 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-10 15:24 . 2012-02-29 14:05 -------- d-----w- c:\program files (x86)\AMD
2012-02-10 15:24 . 2009-04-03 05:39 34872 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2012-02-10 14:53 . 2009-05-04 16:30 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2012-02-09 22:12 . 2012-02-09 22:12 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2012-02-09 15:35 . 2012-02-29 14:00 -------- d-----w- c:\program files (x86)\Sapphire TRIXX
2012-02-08 18:22 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2012-02-08 15:43 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 06:15 . 2011-11-06 09:39 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-07 06:15 . 2011-11-06 09:27 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-06 21:16 . 2011-11-06 09:27 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-06 18:34 . 2011-11-06 09:27 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-05 12:16 . 2011-11-09 16:52 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-05 12:16 . 2011-11-09 16:52 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-05 12:16 . 2011-11-09 16:52 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-04 17:26 . 2011-11-14 13:56 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-12-15 13:03 . 2011-12-15 13:03 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-11-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-13 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 AVerA706_x64;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-02-20 30528]
R3 TRIXX;TRIXX;c:\users\SHUTTE~1\AppData\Local\Temp\TRIXX.sys [x]
R3 TunngleService;TunngleService;d:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;WatAdminSvc; [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]
S2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-13 55936]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 21:15]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 21:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: Interfaces\{DEA89BBA-8318-44B4-A04E-7760AD9CC305}: NameServer = 82.144.128.1,82.144.129.1
FF - ProfilePath - c:\users\ShutterCZE\AppData\Roaming\Mozilla\Firefox\Profiles\d7do0x6d.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Dungeon Defenders - d:\program files (x86)\Trendy Entertainment\Dungeon Defenders\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-The Darkness II_is1 - d:\program files (x86)\2K Games\The Darkness II\unins000.exe
AddRemove-{901B8EBE-9919-4EED-96E9-F318EDA09BF6} - c:\program files (x86)\.minecraft\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\SHUTTE~1\AppData\Local\Temp\005E44A.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
d:\program files (x86)\DAEMON Tools Lite\DTShellHlp.exe
.
**************************************************************************
.
Celkový čas: 2012-03-08 11:26:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-08 10:26
.
Před spuštěním: Volných bajtů: 10 813 558 784
Po spuštění: Volných bajtů: 11 567 591 424
.
- - End Of File - - 7BA42BD4825AD5AE9BBDFCF36AA555C3
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2046.1017 [GMT 1:00]
Spuštěný z: c:\users\ShutterCZE\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0405.exe
c:\windows\SysWow64\tmp58EF.tmp
c:\windows\SysWow64\tmp590F.tmp
c:\windows\SysWow64\tmp6DD8.tmp
c:\windows\SysWow64\tmp6E55.tmp
c:\windows\SysWow64\tmpE54F.tmp
c:\windows\SysWow64\tmpE59E.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-08 do 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 10:18 . 2012-03-08 10:18 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-08 10:18 . 2012-03-08 10:18 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-03-08 10:18 . 2012-03-08 10:18 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-03-08 10:18 . 2012-03-08 10:18 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-08 10:18 . 2012-03-08 10:18 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-03-08 10:15 . 2012-03-08 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 06:46 . 2012-03-08 06:46 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 06:46 . 2012-03-08 06:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 06:46 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 21:15 . 2012-03-07 21:17 -------- d-----w- c:\program files (x86)\Google
2012-03-07 21:15 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-07 21:15 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 21:15 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 21:15 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 21:15 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 21:15 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 21:15 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 21:13 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 21:13 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 21:13 . 2012-03-07 21:13 -------- d-----w- c:\programdata\AVAST Software
2012-03-07 21:13 . 2012-03-07 21:13 -------- d-----w- c:\program files\AVAST Software
2012-03-07 16:25 . 2012-03-07 16:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-07 16:25 . 2012-03-07 16:25 -------- d-----r- c:\program files (x86)\Skype
2012-03-07 16:15 . 2012-03-07 16:16 -------- d-----w- c:\users\Shutter
2012-03-06 18:34 . 2011-12-19 13:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-03-05 12:16 . 2009-07-13 18:04 839680 ----a-w- c:\windows\SysWow64\mkl_vml_p4.dll
2012-03-05 12:16 . 2009-07-13 18:04 532480 ----a-w- c:\windows\SysWow64\mkl_vml_p3.dll
2012-03-05 12:16 . 2009-07-13 18:04 512000 ----a-w- c:\windows\SysWow64\mkl_vml_def.dll
2012-03-05 12:16 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\SysWow64\mkl_p4.dll
2012-03-05 12:16 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\SysWow64\mkl_p3.dll
2012-03-05 12:16 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\SysWow64\mkl_def.dll
2012-03-05 12:16 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\SysWow64\mkl_lapack32.dll
2012-03-05 12:16 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\SysWow64\mkl_lapack64.dll
2012-03-05 12:16 . 2009-07-13 18:04 184320 ----a-w- c:\windows\SysWow64\libguide40.dll
2012-03-04 19:11 . 2012-03-04 19:11 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-03-04 15:13 . 2012-03-04 15:20 -------- d-----w- C:\Dev-Cpp
2012-03-01 19:57 . 2012-03-01 19:57 -------- d-----w- c:\programdata\Apache
2012-02-29 14:31 . 2012-02-29 14:31 -------- d-----w- c:\programdata\ATI
2012-02-29 14:30 . 2012-02-29 14:30 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-29 14:29 . 2012-02-29 14:29 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-29 14:29 . 2012-02-29 14:29 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-02-29 14:29 . 2012-02-29 14:29 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-02-29 14:26 . 2012-02-29 14:26 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-02-29 14:26 . 2012-02-29 14:26 -------- d-----w- c:\program files\ATI
2012-02-29 14:26 . 2012-02-29 14:28 -------- d-----w- c:\program files\ATI Technologies
2012-02-29 14:25 . 2012-02-29 14:25 -------- d-----w- C:\AMD
2012-02-29 13:59 . 2012-02-29 13:59 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-02-29 12:33 . 2012-02-29 12:33 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-02-25 14:40 . 2012-02-25 14:40 -------- d-----w- c:\windows\Ubisoft
2012-02-25 14:38 . 2012-02-25 14:38 -------- d-----w- c:\program files (x86)\directx
2012-02-21 13:58 . 2011-05-06 12:40 1302528 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-02-21 13:58 . 2010-09-22 13:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2012-02-21 13:58 . 2012-03-05 12:16 -------- d-----w- c:\program files (x86)\BRS
2012-02-19 10:20 . 2012-02-19 10:20 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-02-18 16:34 . 2012-02-18 16:35 -------- d-----w- c:\program files (x86)\Driver Sweeper
2012-02-15 18:18 . 2009-07-21 21:03 294400 ----a-w- c:\windows\system32\FMAPO64.dll
2012-02-15 18:18 . 2009-04-16 09:13 166400 ----a-w- c:\windows\system32\AERTAC64.dll
2012-02-15 18:18 . 2009-03-31 13:02 108032 ----a-w- c:\windows\system32\AERTAR64.dll
2012-02-15 18:18 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-15 18:07 . 2012-02-15 18:20 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-02-15 18:05 . 2011-08-05 17:29 439808 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2012-02-15 17:52 . 2012-02-15 17:52 -------- d-----w- c:\program files (x86)\Realtek
2012-02-15 06:35 . 2012-02-15 06:36 -------- d-----w- c:\users\Guest
2012-02-14 19:15 . 2012-02-24 18:32 -------- d-----w- c:\programdata\EA Logs
2012-02-14 15:21 . 2012-02-14 19:15 -------- d-----w- c:\programdata\Origin
2012-02-13 16:59 . 2012-02-13 16:59 -------- d-----w- c:\programdata\Futuremark
2012-02-13 15:52 . 2012-03-05 12:16 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-13 15:38 . 2004-10-25 19:02 21664 ----a-w- c:\windows\SysWow64\drivers\Entech.sys
2012-02-13 15:38 . 2004-06-22 14:44 5632 ----a-w- c:\windows\SysWow64\drivers\Entech64.sys
2012-02-13 15:38 . 2001-11-19 18:05 3972 ----a-w- c:\windows\SysWow64\drivers\PciBus.sys
2012-02-13 15:38 . 2012-02-13 15:38 -------- d-----w- c:\windows\SysWow64\Futuremark
2012-02-11 19:14 . 2012-02-11 19:14 -------- d-----w- c:\program files\CPUID
2012-02-11 19:14 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-02-11 14:26 . 2012-02-13 16:54 -------- d-----w- c:\program files (x86)\Futuremark
2012-02-11 06:54 . 2012-02-20 17:37 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-02-11 06:54 . 2007-10-16 15:15 36416 ----a-w- c:\windows\ET5Drv.sys
2012-02-11 06:49 . 2012-02-11 08:55 -------- d-----w- c:\program files (x86)\GIGABYTE
2012-02-11 06:48 . 2012-02-11 06:49 25640 ----a-w- c:\windows\gdrv.sys
2012-02-10 15:24 . 2012-02-10 15:24 -------- d-----w- c:\program files\DIFX
2012-02-10 15:24 . 2012-02-29 14:05 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-10 15:24 . 2012-02-29 14:05 -------- d-----w- c:\program files (x86)\AMD
2012-02-10 15:24 . 2009-04-03 05:39 34872 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2012-02-10 14:53 . 2009-05-04 16:30 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2012-02-09 22:12 . 2012-02-09 22:12 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2012-02-09 15:35 . 2012-02-29 14:00 -------- d-----w- c:\program files (x86)\Sapphire TRIXX
2012-02-08 18:22 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2012-02-08 15:43 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 06:15 . 2011-11-06 09:39 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-07 06:15 . 2011-11-06 09:27 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-06 21:16 . 2011-11-06 09:27 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-06 18:34 . 2011-11-06 09:27 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-05 12:16 . 2011-11-09 16:52 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-05 12:16 . 2011-11-09 16:52 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-05 12:16 . 2011-11-09 16:52 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-04 17:26 . 2011-11-14 13:56 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-12-15 13:03 . 2011-12-15 13:03 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-11-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-13 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 AVerA706_x64;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-02-20 30528]
R3 TRIXX;TRIXX;c:\users\SHUTTE~1\AppData\Local\Temp\TRIXX.sys [x]
R3 TunngleService;TunngleService;d:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;WatAdminSvc; [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
- jaro3
- member of the Security team
Re: Prosím o kontrolu logu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
File::
c:\windows\ativpsrm.bin
c:\windows\system32\GameMon.des
c:\users\SHUTTE~1\AppData\Local\Temp\005E44A.tmp
Folder::
c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
Driver::
npggsvc
X6va005
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
REgLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Warning: It may happen that after applying ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Double-click aswMBR.exe. Click Scan.
After the scan, click aswASW.log and save it to the desktop, then paste the entire contents of that log here.
In Folder Options, enable showing hidden files and folders + uncheck the box Hide protected operating system files
Test this on Virustotal
c:\windows\system32\user32.dll
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- shutterCZE
- Level 3
- Posts: 449
- Registered: February 12
- Status: Offline
Re: Please check my log
ComboFix 12-03-07.05 - ShutterCZE 08.03.2012 15:59:52.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2046.946 [GMT 1:00]
Spuštěný z: c:\users\ShutterCZE\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\ShutterCZE\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\SHUTTE~1\AppData\Local\Temp\005E44A.tmp"
"c:\windows\ativpsrm.bin"
"c:\windows\system32\GameMon.des"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll
c:\windows\SysWow64\tmpB77D.tmp
c:\windows\SysWow64\tmpB7BC.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Service_npggsvc
-------\Service_X6va005
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-08 do 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 15:08 . 2012-03-08 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 14:10 . 2012-03-08 14:10 -------- d-----w- c:\program files (x86)\HD Tune
2012-03-08 12:34 . 2012-03-08 12:34 -------- d-----w- c:\programdata\ATI
2012-03-08 12:28 . 2012-03-08 12:28 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files\AMD
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-08 12:24 . 2012-03-08 12:24 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-08 12:24 . 2012-03-08 12:24 -------- d-----w- c:\program files\ATI
2012-03-08 12:23 . 2012-03-08 12:26 -------- d-----w- c:\program files\ATI Technologies
2012-03-08 12:23 . 2012-03-08 12:23 -------- d-----w- C:\AMD
2012-03-08 11:32 . 2012-03-08 11:36 -------- d-----w- c:\program files (x86)\ATITool
2012-03-08 06:46 . 2012-03-08 06:46 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 06:46 . 2012-03-08 06:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 06:46 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 21:15 . 2012-03-07 21:17 -------- d-----w- c:\program files (x86)\Google
2012-03-07 21:15 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-07 21:15 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 21:15 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 21:15 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 21:15 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 21:15 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 21:15 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 21:13 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 21:13 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 21:13 . 2012-03-07 21:13 -------- d-----w- c:\programdata\AVAST Software
2012-03-07 21:13 . 2012-03-07 21:13 -------- d-----w- c:\program files\AVAST Software
2012-03-07 16:25 . 2012-03-07 16:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-07 16:25 . 2012-03-07 16:25 -------- d-----r- c:\program files (x86)\Skype
2012-03-07 16:15 . 2012-03-07 16:16 -------- d-----w- c:\users\Shutter
2012-03-06 18:34 . 2011-12-19 13:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-03-05 12:16 . 2009-07-13 18:04 839680 ----a-w- c:\windows\SysWow64\mkl_vml_p4.dll
2012-03-05 12:16 . 2009-07-13 18:04 532480 ----a-w- c:\windows\SysWow64\mkl_vml_p3.dll
2012-03-05 12:16 . 2009-07-13 18:04 512000 ----a-w- c:\windows\SysWow64\mkl_vml_def.dll
2012-03-05 12:16 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\SysWow64\mkl_p4.dll
2012-03-05 12:16 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\SysWow64\mkl_p3.dll
2012-03-05 12:16 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\SysWow64\mkl_def.dll
2012-02-19 10:20 . 2012-02-19 10:20 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-02-18 16:34 . 2012-03-08 12:03 -------- d-----w- c:\program files (x86)\Driver Sweeper
2012-02-15 18:18 . 2009-07-21 21:03 294400 ----a-w- c:\windows\system32\FMAPO64.dll
2012-02-15 18:18 . 2009-04-16 09:13 166400 ----a-w- c:\windows\system32\AERTAC64.dll
2012-02-15 18:18 . 2009-03-31 13:02 108032 ----a-w- c:\windows\system32\AERTAR64.dll
2012-02-15 18:18 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-15 18:07 . 2012-02-15 18:20 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-02-15 18:05 . 2011-08-05 17:29 439808 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2012-02-15 17:52 . 2012-02-15 17:52 -------- d-----w- c:\program files (x86)\Realtek
2012-02-15 06:35 . 2012-02-15 06:36 -------- d-----w- c:\users\Guest
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2012-02-15 02:52 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-14 19:15 . 2012-02-24 18:32 -------- d-----w- c:\programdata\EA Logs
2012-02-14 15:21 . 2012-02-14 19:15 -------- d-----w- c:\programdata\Origin
2012-02-13 16:59 . 2012-02-13 16:59 -------- d-----w- c:\programdata\Futuremark
2012-02-13 15:52 . 2012-03-05 12:16 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-13 15:38 . 2004-10-25 19:02 21664 ----a-w- c:\windows\SysWow64\drivers\Entech.sys
2012-02-13 15:38 . 2004-06-22 14:44 5632 ----a-w- c:\windows\SysWow64\drivers\Entech64.sys
2012-02-13 15:38 . 2001-11-19 18:05 3972 ----a-w- c:\windows\SysWow64\drivers\PciBus.sys
2012-02-13 15:38 . 2012-02-13 15:38 -------- d-----w- c:\windows\SysWow64\Futuremark
2012-02-11 19:14 . 2012-02-11 19:14 -------- d-----w- c:\program files\CPUID
2012-02-11 19:14 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-02-11 14:26 . 2012-02-13 16:54 -------- d-----w- c:\program files (x86)\Futuremark
2012-02-11 06:54 . 2012-02-20 17:37 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-02-11 06:54 . 2007-10-16 15:15 36416 ----a-w- c:\windows\ET5Drv.sys
2012-02-11 06:49 . 2012-02-11 08:55 -------- d-----w- c:\program files (x86)\GIGABYTE
2012-02-11 06:48 . 2012-02-11 06:49 25640 ----a-w- c:\windows\gdrv.sys
2012-02-10 15:24 . 2012-02-10 15:24 -------- d-----w- c:\program files\DIFX
2012-02-10 15:24 . 2012-03-08 12:26 -------- d-----w- c:\program files (x86)\AMD
2012-02-10 15:24 . 2012-02-29 14:05 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-10 15:24 . 2009-04-03 05:39 34872 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2012-02-10 14:53 . 2009-05-04 16:30 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2012-02-09 15:35 . 2012-02-29 14:00 -------- d-----w- c:\program files (x86)\Sapphire TRIXX
2012-02-08 18:22 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2012-02-08 15:43 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 06:15 . 2011-11-06 09:39 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-07 06:15 . 2011-11-06 09:27 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-06 21:16 . 2011-11-06 09:27 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-06 18:34 . 2011-11-06 09:27 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-05 12:16 . 2011-11-09 16:52 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-05 12:16 . 2011-11-09 16:52 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-05 12:16 . 2011-11-09 16:52 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-04 17:26 . 2011-11-14 13:56 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-15 02:16 . 2011-10-12 19:39 58880 ----a-w- c:\windows\system32\coinst.dll
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2011-12-15 13:03 . 2011-12-15 13:03 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-08_10.18.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-08 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-08 10:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-08 12:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 10:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 10:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-01 17:42 . 2012-03-08 12:30 40542 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-08 15:11 36764 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-01 17:42 . 2012-03-08 15:11 15972 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-395887479-143600493-1226420593-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-03-08 12:25 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-03-08 07:13 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-15 02:16 . 2012-02-15 02:16 58880 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\coinst.dll
+ 2012-02-15 02:12 . 2012-02-15 02:12 33280 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiuxpag.dll
+ 2012-02-15 02:12 . 2012-02-15 02:12 43008 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiuxp64.dll
+ 2012-02-15 02:12 . 2012-02-15 02:12 30208 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiu9pag.dll
+ 2012-02-15 02:12 . 2012-02-15 02:12 39936 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiu9p64.dll
+ 2012-02-15 02:21 . 2012-02-15 02:21 70656 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atisamu64.dll
+ 2009-06-22 15:34 . 2009-06-22 15:34 51200 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ATIODCLI.exe
+ 2012-02-15 03:10 . 2012-02-15 03:10 21504 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atimuixx.dll
+ 2012-02-15 02:11 . 2012-02-15 02:11 54784 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atimpc64.dll
+ 2012-02-15 02:11 . 2012-02-15 02:11 53760 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atimpc32.dll
+ 2012-02-15 02:13 . 2012-02-15 02:13 14336 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiglpxx.dll
+ 2012-02-15 02:13 . 2012-02-15 02:13 33280 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atigktxx.dll
+ 2012-02-15 02:13 . 2012-02-15 02:13 39936 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atig6txx.dll
+ 2012-02-15 02:13 . 2012-02-15 02:13 17408 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atig6pxx.dll
+ 2012-02-15 03:10 . 2012-02-15 03:10 59392 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiedu64.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 51200 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticalrt64.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 46080 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticalrt.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 44544 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticalcl64.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 44032 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticalcl.dll
+ 2012-02-15 02:11 . 2012-02-15 02:11 53248 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ati2erec.dll
+ 2012-02-15 03:10 . 2012-02-15 03:10 43520 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ati2edxx.dll
+ 2012-02-15 02:22 . 2012-02-15 02:22 70144 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\amdave64.dll
+ 2012-02-15 02:22 . 2012-02-15 02:22 71680 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\amdave32.dll
+ 2006-11-10 13:08 . 2006-11-10 13:08 30720 c:\windows\system32\DriverStore\FileRepository\atitool.inf_amd64_neutral_3e32db7ddd3d33ce\ATITool64.sys
+ 2006-11-10 13:08 . 2006-11-10 13:08 30720 c:\windows\system32\drivers\ATITool64.sys
+ 2011-11-02 01:35 . 2012-03-08 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-02 01:35 . 2012-03-07 16:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-02 01:35 . 2012-03-08 12:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-02 01:35 . 2012-03-07 16:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-07 16:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-22 15:34 . 2009-06-22 15:34 51200 c:\windows\system32\ATIODCLI.exe
- 2009-06-22 16:34 . 2009-06-22 16:34 51200 c:\windows\system32\ATIODCLI.exe
+ 2011-11-01 17:45 . 2012-03-08 12:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-01 17:45 . 2012-03-08 12:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-01 17:45 . 2012-03-08 12:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-01 17:45 . 2012-03-08 15:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-01 17:45 . 2012-03-08 15:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}\ARPPRODUCTICON.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{C0E69600-E8D1-784D-829C-788D91D65051}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{B5AD9952-F716-9862-7ED7-734E0328CF7C}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{9526B61A-1C35-96D1-531B-C8DB1D36C336}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{92BE4E1B-AEFD-DA72-B805-948290A4BB13}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{685ACA56-004C-4F80-2BC0-951BF278C03F}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{5AF7EA0B-F009-CC00-E446-C2286AF80471}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{586F0E27-0BC5-34DE-AA0B-96D14397910E}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}\ARPPRODUCTICON.exe
- 2012-02-29 14:29 . 2012-02-29 14:29 10134 c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 10134 c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{39445575-7D3A-52AA-152B-7F9423D1AE69}\ARPPRODUCTICON.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 10134 c:\windows\Installer\{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}\ARPPRODUCTICON.exe
- 2012-02-29 14:28 . 2012-02-29 14:28 10134 c:\windows\Installer\{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{283153BB-CEE6-EE9C-81E8-4350D73354BA}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{251481E4-723F-492F-F5C1-3424FB2EF44E}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{0C818871-6337-17AC-CA8C-A3942F15D92A}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{030C0401-52A9-BE86-D8A7-52C0DA203275}\ARPPRODUCTICON.exe
+ 2012-03-08 11:29 . 2012-03-08 11:29 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-09-12 22:06 . 2011-09-12 22:06 3917 c:\windows\SysWOW64\atipblag.dat
- 2011-09-12 23:06 . 2011-09-12 23:06 3917 c:\windows\SysWOW64\atipblag.dat
+ 2011-09-12 22:06 . 2011-09-12 22:06 3917 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atipblag.dat
+ 2011-09-12 22:06 . 2011-09-12 22:06 3917 c:\windows\system32\atipblag.dat
- 2011-09-12 23:06 . 2011-09-12 23:06 3917 c:\windows\system32\atipblag.dat
+ 2012-03-08 15:09 . 2012-03-08 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-08 10:17 . 2012-03-08 10:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-08 15:09 . 2012-03-08 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-08 10:17 . 2012-03-08 10:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 12:25 . 2012-03-08 12:25 4846 c:\windows\Installer\{551F4187-F029-4240-DEF9-836B5E43CB29}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 4846 c:\windows\Installer\{0C818871-6337-17AC-CA8C-A3942F15D92A}\NewShortcut1_2B635B8328AD44FA9F2DED7A5F1E298E.exe
- 2011-12-06 03:10 . 2011-12-06 03:10 278528 c:\windows\SysWOW64\Oemdspif.dll
+ 2011-10-12 20:07 . 2011-10-12 20:07 278528 c:\windows\SysWOW64\Oemdspif.dll
+ 2012-02-15 02:36 . 2012-02-15 02:36 204952 c:\windows\SysWOW64\ativvsvl.dat
+ 2012-02-15 02:36 . 2012-02-15 02:36 157144 c:\windows\SysWOW64\ativvsva.dat
+ 2009-07-14 05:30 . 2012-03-08 12:25 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-08 07:13 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-08 12:24 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-03-08 07:13 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-02-15 02:36 . 2012-02-15 02:36 204952 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ativvsvl.dat
+ 2012-02-15 02:36 . 2012-02-15 02:36 157144 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ativvsva.dat
+ 2012-02-15 03:11 . 2012-02-15 03:11 120320 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atitmm64.dll
+ 2010-08-27 18:33 . 2010-08-27 18:33 332800 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ATIODE.exe
+ 2012-02-15 02:13 . 2012-02-15 02:13 327680 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atikmpag.sys
+ 2012-01-10 21:10 . 2012-01-10 21:10 601728 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiicdxx.dat
+ 2012-02-15 03:13 . 2012-02-15 03:13 235520 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiesrxx.exe
+ 2012-02-15 03:13 . 2012-02-15 03:13 496128 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atieclxx.exe
+ 2012-02-15 03:13 . 2012-02-15 03:13 442368 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ATIDEMGX.dll
+ 2012-02-15 03:17 . 2012-02-15 03:17 957952 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticfx64.dll
+ 2012-02-15 03:18 . 2012-02-15 03:18 791040 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticfx32.dll
+ 2009-05-11 21:35 . 2009-05-11 21:35 118784 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atibtmon.exe
+ 2012-02-15 03:18 . 2012-02-15 03:18 159744 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiapfxx.exe
+ 2012-02-15 02:13 . 2012-02-15 02:13 356352 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiadlxy.dll
+ 2012-02-15 02:14 . 2012-02-15 02:14 512000 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiadlxx.dll
+ 2012-02-15 02:36 . 2012-02-15 02:36 204952 c:\windows\system32\ativvsvl.dat
+ 2012-02-15 02:36 . 2012-02-15 02:36 157144 c:\windows\system32\ativvsva.dat
+ 2010-08-27 18:33 . 2010-08-27 18:33 332800 c:\windows\system32\ATIODE.exe
- 2010-08-27 19:33 . 2010-08-27 19:33 332800 c:\windows\system32\ATIODE.exe
+ 2012-01-10 21:10 . 2012-01-10 21:10 601728 c:\windows\system32\atiicdxx.dat
+ 2009-05-11 21:35 . 2009-05-11 21:35 118784 c:\windows\system32\atibtmon.exe
- 2009-05-11 22:35 . 2009-05-11 22:35 118784 c:\windows\system32\atibtmon.exe
- 2009-07-14 05:01 . 2012-03-08 10:15 234016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-08 15:08 234016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-13 21:48 . 2012-02-13 21:48 408576 c:\windows\Installer\3c961.msi
+ 2012-02-29 20:32 . 2012-02-29 20:32 396800 c:\windows\Installer\3c93a.msi
+ 2012-02-29 20:32 . 2012-02-29 20:32 983552 c:\windows\Installer\3c934.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 795648 c:\windows\Installer\3c92e.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 781312 c:\windows\Installer\3c928.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 790528 c:\windows\Installer\3c922.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 872960 c:\windows\Installer\3c91c.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 769536 c:\windows\Installer\3c916.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 900096 c:\windows\Installer\3c910.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 782848 c:\windows\Installer\3c90a.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 802304 c:\windows\Installer\3c904.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 768000 c:\windows\Installer\3c8fe.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 774144 c:\windows\Installer\3c8f8.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 818176 c:\windows\Installer\3c8f2.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 838144 c:\windows\Installer\3c8ec.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 781824 c:\windows\Installer\3c8e6.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 808960 c:\windows\Installer\3c8e0.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 794112 c:\windows\Installer\3c8da.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 770048 c:\windows\Installer\3c8d4.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 782848 c:\windows\Installer\3c8ce.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 769536 c:\windows\Installer\3c8c8.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 920576 c:\windows\Installer\3c8c2.msi
+ 2012-02-29 20:29 . 2012-02-29 20:29 802816 c:\windows\Installer\3c8bc.msi
+ 2012-02-29 20:29 . 2012-02-29 20:29 775168 c:\windows\Installer\3c8b6.msi
+ 2012-02-29 20:29 . 2012-02-29 20:29 805376 c:\windows\Installer\3c8b0.msi
+ 2011-11-09 22:22 . 2011-11-09 22:22 507904 c:\windows\Installer\3c89d.msi
+ 2012-02-29 20:32 . 2012-02-29 20:32 630272 c:\windows\Installer\3c890.msi
+ 2012-03-08 11:29 . 2012-03-08 11:29 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-02-15 02:29 . 2012-02-15 02:29 5062656 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumdva.dll
+ 2012-02-15 02:40 . 2012-02-15 02:40 1828864 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumdmv.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 5954048 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumdag.dll
+ 2012-02-15 02:41 . 2012-02-15 02:41 1113088 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumd6v.dll
+ 2012-02-15 02:40 . 2012-02-15 02:40 4958208 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumd6a.dll
+ 2012-02-15 02:25 . 2012-02-15 02:25 7551488 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumd64.dll
+ 2012-02-15 02:52 . 2012-02-15 02:52 7646208 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atidxx64.dll
+ 2012-02-15 03:07 . 2012-02-15 03:07 6200320 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atidxx32.dll
- 2011-11-01 19:17 . 2012-03-08 10:15 1570824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-01 19:17 . 2012-03-08 15:08 1570824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-29 20:38 . 2012-02-29 20:38 6863872 c:\windows\Installer\3c967.msi
+ 2012-02-29 20:38 . 2012-02-29 20:38 1776128 c:\windows\Installer\3c94d.msi
+ 2012-02-29 20:43 . 2012-02-29 20:43 1479680 c:\windows\Installer\3c947.msi
+ 2012-02-29 20:33 . 2012-02-29 20:33 1892352 c:\windows\Installer\3c8aa.msi
+ 2012-02-29 20:33 . 2012-02-29 20:33 2807296 c:\windows\Installer\3c8a4.msi
+ 2012-02-29 20:37 . 2012-02-29 20:37 8300544 c:\windows\Installer\3c897.msi
- 2012-03-06 20:36 . 2012-03-06 20:36 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-14 02:34 . 2012-03-08 06:38 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-08 12:41 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-02-15 02:58 . 2012-02-15 02:58 19392000 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atioglxx.dll
+ 2012-02-15 03:21 . 2012-02-15 03:21 25839104 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atio6axx.dll
+ 2012-02-15 03:48 . 2012-02-15 03:48 10856960 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atikmdag.sys
+ 2012-02-15 02:34 . 2012-02-15 02:34 13859840 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticaldd64.dll
+ 2012-02-15 02:29 . 2012-02-15 02:29 11561984 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticaldd.dll
+ 2011-11-01 19:17 . 2012-03-08 15:09 27312124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-395887479-143600493-1226420593-1000-8192.dat
+ 2012-02-29 20:39 . 2012-02-29 20:39 17397760 c:\windows\Installer\3c95b.msi
+ 2012-02-29 20:28 . 2012-02-29 20:28 14503936 c:\windows\Installer\3c941.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-13 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 AVerA706_x64;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-02-20 30528]
R3 TunngleService;TunngleService;d:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;WatAdminSvc; [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]
S2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-13 55936]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 21:15]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 21:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"combofix"="c:\combofix\CF643.3XE" [2009-07-14 344576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: Interfaces\{DEA89BBA-8318-44B4-A04E-7760AD9CC305}: NameServer = 82.144.128.1,82.144.129.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
FF - ProfilePath - c:\users\ShutterCZE\AppData\Roaming\Mozilla\Firefox\Profiles\d7do0x6d.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-03-08 16:17:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-08 15:17
ComboFix2.txt 2012-03-08 10:26
.
Před spuštěním: 8 184 127 488
Po spuštění: 8 453 726 208
.
- - End Of File - - 721B81E45BE814B20604BF4128323F71
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2046.946 [GMT 1:00]
Spuštěný z: c:\users\ShutterCZE\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\ShutterCZE\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\SHUTTE~1\AppData\Local\Temp\005E44A.tmp"
"c:\windows\ativpsrm.bin"
"c:\windows\system32\GameMon.des"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll
c:\windows\SysWow64\tmpB77D.tmp
c:\windows\SysWow64\tmpB7BC.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Service_npggsvc
-------\Service_X6va005
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-08 do 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 15:08 . 2012-03-08 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 14:10 . 2012-03-08 14:10 -------- d-----w- c:\program files (x86)\HD Tune
2012-03-08 12:34 . 2012-03-08 12:34 -------- d-----w- c:\programdata\ATI
2012-03-08 12:28 . 2012-03-08 12:28 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files\AMD
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-08 12:26 . 2012-03-08 12:26 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-08 12:24 . 2012-03-08 12:24 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-08 12:24 . 2012-03-08 12:24 -------- d-----w- c:\program files\ATI
2012-03-08 12:23 . 2012-03-08 12:26 -------- d-----w- c:\program files\ATI Technologies
2012-03-08 12:23 . 2012-03-08 12:23 -------- d-----w- C:\AMD
2012-03-08 11:32 . 2012-03-08 11:36 -------- d-----w- c:\program files (x86)\ATITool
2012-03-08 06:46 . 2012-03-08 06:46 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 06:46 . 2012-03-08 06:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 06:46 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 21:15 . 2012-03-07 21:17 -------- d-----w- c:\program files (x86)\Google
2012-03-07 21:15 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-07 21:15 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 21:15 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 21:15 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 21:15 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 21:15 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 21:15 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 21:13 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 21:13 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 21:13 . 2012-03-07 21:13 -------- d-----w- c:\programdata\AVAST Software
2012-03-07 21:13 . 2012-03-07 21:13 -------- d-----w- c:\program files\AVAST Software
2012-03-07 16:25 . 2012-03-07 16:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-07 16:25 . 2012-03-07 16:25 -------- d-----r- c:\program files (x86)\Skype
2012-03-07 16:15 . 2012-03-07 16:16 -------- d-----w- c:\users\Shutter
2012-03-06 18:34 . 2011-12-19 13:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-03-05 12:16 . 2009-07-13 18:04 839680 ----a-w- c:\windows\SysWow64\mkl_vml_p4.dll
2012-03-05 12:16 . 2009-07-13 18:04 532480 ----a-w- c:\windows\SysWow64\mkl_vml_p3.dll
2012-03-05 12:16 . 2009-07-13 18:04 512000 ----a-w- c:\windows\SysWow64\mkl_vml_def.dll
2012-03-05 12:16 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\SysWow64\mkl_p4.dll
2012-03-05 12:16 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\SysWow64\mkl_p3.dll
2012-03-05 12:16 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\SysWow64\mkl_def.dll
2012-02-19 10:20 . 2012-02-19 10:20 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-02-18 16:34 . 2012-03-08 12:03 -------- d-----w- c:\program files (x86)\Driver Sweeper
2012-02-15 18:18 . 2009-07-21 21:03 294400 ----a-w- c:\windows\system32\FMAPO64.dll
2012-02-15 18:18 . 2009-04-16 09:13 166400 ----a-w- c:\windows\system32\AERTAC64.dll
2012-02-15 18:18 . 2009-03-31 13:02 108032 ----a-w- c:\windows\system32\AERTAR64.dll
2012-02-15 18:18 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-15 18:07 . 2012-02-15 18:20 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-02-15 18:05 . 2011-08-05 17:29 439808 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2012-02-15 17:52 . 2012-02-15 17:52 -------- d-----w- c:\program files (x86)\Realtek
2012-02-15 06:35 . 2012-02-15 06:36 -------- d-----w- c:\users\Guest
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2012-02-15 02:52 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-14 19:15 . 2012-02-24 18:32 -------- d-----w- c:\programdata\EA Logs
2012-02-14 15:21 . 2012-02-14 19:15 -------- d-----w- c:\programdata\Origin
2012-02-13 16:59 . 2012-02-13 16:59 -------- d-----w- c:\programdata\Futuremark
2012-02-13 15:52 . 2012-03-05 12:16 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-13 15:38 . 2004-10-25 19:02 21664 ----a-w- c:\windows\SysWow64\drivers\Entech.sys
2012-02-13 15:38 . 2004-06-22 14:44 5632 ----a-w- c:\windows\SysWow64\drivers\Entech64.sys
2012-02-13 15:38 . 2001-11-19 18:05 3972 ----a-w- c:\windows\SysWow64\drivers\PciBus.sys
2012-02-13 15:38 . 2012-02-13 15:38 -------- d-----w- c:\windows\SysWow64\Futuremark
2012-02-11 19:14 . 2012-02-11 19:14 -------- d-----w- c:\program files\CPUID
2012-02-11 19:14 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-02-11 14:26 . 2012-02-13 16:54 -------- d-----w- c:\program files (x86)\Futuremark
2012-02-11 06:54 . 2012-02-20 17:37 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-02-11 06:54 . 2007-10-16 15:15 36416 ----a-w- c:\windows\ET5Drv.sys
2012-02-11 06:49 . 2012-02-11 08:55 -------- d-----w- c:\program files (x86)\GIGABYTE
2012-02-11 06:48 . 2012-02-11 06:49 25640 ----a-w- c:\windows\gdrv.sys
2012-02-10 15:24 . 2012-02-10 15:24 -------- d-----w- c:\program files\DIFX
2012-02-10 15:24 . 2012-03-08 12:26 -------- d-----w- c:\program files (x86)\AMD
2012-02-10 15:24 . 2012-02-29 14:05 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-10 15:24 . 2009-04-03 05:39 34872 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2012-02-10 14:53 . 2009-05-04 16:30 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2012-02-09 15:35 . 2012-02-29 14:00 -------- d-----w- c:\program files (x86)\Sapphire TRIXX
2012-02-08 18:22 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2012-02-08 15:43 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 06:15 . 2011-11-06 09:39 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-07 06:15 . 2011-11-06 09:27 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-06 21:16 . 2011-11-06 09:27 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-06 18:34 . 2011-11-06 09:27 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-05 12:16 . 2011-11-09 16:52 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-05 12:16 . 2011-11-09 16:52 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-05 12:16 . 2011-11-09 16:52 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-04 17:26 . 2011-11-14 13:56 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-15 02:16 . 2011-10-12 19:39 58880 ----a-w- c:\windows\system32\coinst.dll
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2011-12-15 13:03 . 2011-12-15 13:03 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-08_10.18.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-08 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-08 10:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-08 12:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 10:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 10:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-01 17:42 . 2012-03-08 12:30 40542 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-08 15:11 36764 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-01 17:42 . 2012-03-08 15:11 15972 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-395887479-143600493-1226420593-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-03-08 12:25 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-03-08 07:13 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-15 02:16 . 2012-02-15 02:16 58880 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\coinst.dll
+ 2012-02-15 02:12 . 2012-02-15 02:12 33280 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiuxpag.dll
+ 2012-02-15 02:12 . 2012-02-15 02:12 43008 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiuxp64.dll
+ 2012-02-15 02:12 . 2012-02-15 02:12 30208 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiu9pag.dll
+ 2012-02-15 02:12 . 2012-02-15 02:12 39936 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiu9p64.dll
+ 2012-02-15 02:21 . 2012-02-15 02:21 70656 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atisamu64.dll
+ 2009-06-22 15:34 . 2009-06-22 15:34 51200 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ATIODCLI.exe
+ 2012-02-15 03:10 . 2012-02-15 03:10 21504 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atimuixx.dll
+ 2012-02-15 02:11 . 2012-02-15 02:11 54784 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atimpc64.dll
+ 2012-02-15 02:11 . 2012-02-15 02:11 53760 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atimpc32.dll
+ 2012-02-15 02:13 . 2012-02-15 02:13 14336 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiglpxx.dll
+ 2012-02-15 02:13 . 2012-02-15 02:13 33280 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atigktxx.dll
+ 2012-02-15 02:13 . 2012-02-15 02:13 39936 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atig6txx.dll
+ 2012-02-15 02:13 . 2012-02-15 02:13 17408 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atig6pxx.dll
+ 2012-02-15 03:10 . 2012-02-15 03:10 59392 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiedu64.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 51200 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticalrt64.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 46080 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticalrt.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 44544 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticalcl64.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 44032 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticalcl.dll
+ 2012-02-15 02:11 . 2012-02-15 02:11 53248 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ati2erec.dll
+ 2012-02-15 03:10 . 2012-02-15 03:10 43520 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ati2edxx.dll
+ 2012-02-15 02:22 . 2012-02-15 02:22 70144 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\amdave64.dll
+ 2012-02-15 02:22 . 2012-02-15 02:22 71680 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\amdave32.dll
+ 2006-11-10 13:08 . 2006-11-10 13:08 30720 c:\windows\system32\DriverStore\FileRepository\atitool.inf_amd64_neutral_3e32db7ddd3d33ce\ATITool64.sys
+ 2006-11-10 13:08 . 2006-11-10 13:08 30720 c:\windows\system32\drivers\ATITool64.sys
+ 2011-11-02 01:35 . 2012-03-08 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-02 01:35 . 2012-03-07 16:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-02 01:35 . 2012-03-08 12:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-02 01:35 . 2012-03-07 16:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-07 16:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-22 15:34 . 2009-06-22 15:34 51200 c:\windows\system32\ATIODCLI.exe
- 2009-06-22 16:34 . 2009-06-22 16:34 51200 c:\windows\system32\ATIODCLI.exe
+ 2011-11-01 17:45 . 2012-03-08 12:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-01 17:45 . 2012-03-08 12:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-01 17:45 . 2012-03-08 12:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-01 17:45 . 2012-03-08 15:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-01 17:45 . 2012-03-08 15:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-01 17:45 . 2012-03-08 10:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}\ARPPRODUCTICON.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{C0E69600-E8D1-784D-829C-788D91D65051}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{B5AD9952-F716-9862-7ED7-734E0328CF7C}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{9526B61A-1C35-96D1-531B-C8DB1D36C336}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{92BE4E1B-AEFD-DA72-B805-948290A4BB13}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{685ACA56-004C-4F80-2BC0-951BF278C03F}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{5AF7EA0B-F009-CC00-E446-C2286AF80471}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{586F0E27-0BC5-34DE-AA0B-96D14397910E}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}\ARPPRODUCTICON.exe
- 2012-02-29 14:29 . 2012-02-29 14:29 10134 c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 10134 c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 88102 c:\windows\Installer\{39445575-7D3A-52AA-152B-7F9423D1AE69}\ARPPRODUCTICON.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
+ 2012-03-08 12:24 . 2012-03-08 12:24 88102 c:\windows\Installer\{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}\ARPPRODUCTICON.exe
+ 2012-03-08 12:25 . 2012-03-08 12:25 10134 c:\windows\Installer\{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}\ARPPRODUCTICON.exe
- 2012-02-29 14:28 . 2012-02-29 14:28 10134 c:\windows\Installer\{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{283153BB-CEE6-EE9C-81E8-4350D73354BA}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{251481E4-723F-492F-F5C1-3424FB2EF44E}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{0C818871-6337-17AC-CA8C-A3942F15D92A}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 88102 c:\windows\Installer\{030C0401-52A9-BE86-D8A7-52C0DA203275}\ARPPRODUCTICON.exe
+ 2012-03-08 11:29 . 2012-03-08 11:29 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-09-12 22:06 . 2011-09-12 22:06 3917 c:\windows\SysWOW64\atipblag.dat
- 2011-09-12 23:06 . 2011-09-12 23:06 3917 c:\windows\SysWOW64\atipblag.dat
+ 2011-09-12 22:06 . 2011-09-12 22:06 3917 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atipblag.dat
+ 2011-09-12 22:06 . 2011-09-12 22:06 3917 c:\windows\system32\atipblag.dat
- 2011-09-12 23:06 . 2011-09-12 23:06 3917 c:\windows\system32\atipblag.dat
+ 2012-03-08 15:09 . 2012-03-08 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-08 10:17 . 2012-03-08 10:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-08 15:09 . 2012-03-08 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-08 10:17 . 2012-03-08 10:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 12:25 . 2012-03-08 12:25 4846 c:\windows\Installer\{551F4187-F029-4240-DEF9-836B5E43CB29}\ARPPRODUCTICON.exe
+ 2012-03-08 12:26 . 2012-03-08 12:26 4846 c:\windows\Installer\{0C818871-6337-17AC-CA8C-A3942F15D92A}\NewShortcut1_2B635B8328AD44FA9F2DED7A5F1E298E.exe
- 2011-12-06 03:10 . 2011-12-06 03:10 278528 c:\windows\SysWOW64\Oemdspif.dll
+ 2011-10-12 20:07 . 2011-10-12 20:07 278528 c:\windows\SysWOW64\Oemdspif.dll
+ 2012-02-15 02:36 . 2012-02-15 02:36 204952 c:\windows\SysWOW64\ativvsvl.dat
+ 2012-02-15 02:36 . 2012-02-15 02:36 157144 c:\windows\SysWOW64\ativvsva.dat
+ 2009-07-14 05:30 . 2012-03-08 12:25 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-08 07:13 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-08 12:24 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-03-08 07:13 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-02-15 02:36 . 2012-02-15 02:36 204952 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ativvsvl.dat
+ 2012-02-15 02:36 . 2012-02-15 02:36 157144 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ativvsva.dat
+ 2012-02-15 03:11 . 2012-02-15 03:11 120320 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atitmm64.dll
+ 2010-08-27 18:33 . 2010-08-27 18:33 332800 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ATIODE.exe
+ 2012-02-15 02:13 . 2012-02-15 02:13 327680 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atikmpag.sys
+ 2012-01-10 21:10 . 2012-01-10 21:10 601728 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiicdxx.dat
+ 2012-02-15 03:13 . 2012-02-15 03:13 235520 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiesrxx.exe
+ 2012-02-15 03:13 . 2012-02-15 03:13 496128 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atieclxx.exe
+ 2012-02-15 03:13 . 2012-02-15 03:13 442368 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\ATIDEMGX.dll
+ 2012-02-15 03:17 . 2012-02-15 03:17 957952 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticfx64.dll
+ 2012-02-15 03:18 . 2012-02-15 03:18 791040 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticfx32.dll
+ 2009-05-11 21:35 . 2009-05-11 21:35 118784 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atibtmon.exe
+ 2012-02-15 03:18 . 2012-02-15 03:18 159744 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiapfxx.exe
+ 2012-02-15 02:13 . 2012-02-15 02:13 356352 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiadlxy.dll
+ 2012-02-15 02:14 . 2012-02-15 02:14 512000 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiadlxx.dll
+ 2012-02-15 02:36 . 2012-02-15 02:36 204952 c:\windows\system32\ativvsvl.dat
+ 2012-02-15 02:36 . 2012-02-15 02:36 157144 c:\windows\system32\ativvsva.dat
+ 2010-08-27 18:33 . 2010-08-27 18:33 332800 c:\windows\system32\ATIODE.exe
- 2010-08-27 19:33 . 2010-08-27 19:33 332800 c:\windows\system32\ATIODE.exe
+ 2012-01-10 21:10 . 2012-01-10 21:10 601728 c:\windows\system32\atiicdxx.dat
+ 2009-05-11 21:35 . 2009-05-11 21:35 118784 c:\windows\system32\atibtmon.exe
- 2009-05-11 22:35 . 2009-05-11 22:35 118784 c:\windows\system32\atibtmon.exe
- 2009-07-14 05:01 . 2012-03-08 10:15 234016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-08 15:08 234016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-13 21:48 . 2012-02-13 21:48 408576 c:\windows\Installer\3c961.msi
+ 2012-02-29 20:32 . 2012-02-29 20:32 396800 c:\windows\Installer\3c93a.msi
+ 2012-02-29 20:32 . 2012-02-29 20:32 983552 c:\windows\Installer\3c934.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 795648 c:\windows\Installer\3c92e.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 781312 c:\windows\Installer\3c928.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 790528 c:\windows\Installer\3c922.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 872960 c:\windows\Installer\3c91c.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 769536 c:\windows\Installer\3c916.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 900096 c:\windows\Installer\3c910.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 782848 c:\windows\Installer\3c90a.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 802304 c:\windows\Installer\3c904.msi
+ 2012-02-29 20:31 . 2012-02-29 20:31 768000 c:\windows\Installer\3c8fe.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 774144 c:\windows\Installer\3c8f8.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 818176 c:\windows\Installer\3c8f2.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 838144 c:\windows\Installer\3c8ec.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 781824 c:\windows\Installer\3c8e6.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 808960 c:\windows\Installer\3c8e0.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 794112 c:\windows\Installer\3c8da.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 770048 c:\windows\Installer\3c8d4.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 782848 c:\windows\Installer\3c8ce.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 769536 c:\windows\Installer\3c8c8.msi
+ 2012-02-29 20:30 . 2012-02-29 20:30 920576 c:\windows\Installer\3c8c2.msi
+ 2012-02-29 20:29 . 2012-02-29 20:29 802816 c:\windows\Installer\3c8bc.msi
+ 2012-02-29 20:29 . 2012-02-29 20:29 775168 c:\windows\Installer\3c8b6.msi
+ 2012-02-29 20:29 . 2012-02-29 20:29 805376 c:\windows\Installer\3c8b0.msi
+ 2011-11-09 22:22 . 2011-11-09 22:22 507904 c:\windows\Installer\3c89d.msi
+ 2012-02-29 20:32 . 2012-02-29 20:32 630272 c:\windows\Installer\3c890.msi
+ 2012-03-08 11:29 . 2012-03-08 11:29 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-03-08 11:29 . 2012-03-08 11:29 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-02-15 02:29 . 2012-02-15 02:29 5062656 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumdva.dll
+ 2012-02-15 02:40 . 2012-02-15 02:40 1828864 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumdmv.dll
+ 2012-02-15 02:34 . 2012-02-15 02:34 5954048 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumdag.dll
+ 2012-02-15 02:41 . 2012-02-15 02:41 1113088 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumd6v.dll
+ 2012-02-15 02:40 . 2012-02-15 02:40 4958208 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumd6a.dll
+ 2012-02-15 02:25 . 2012-02-15 02:25 7551488 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atiumd64.dll
+ 2012-02-15 02:52 . 2012-02-15 02:52 7646208 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atidxx64.dll
+ 2012-02-15 03:07 . 2012-02-15 03:07 6200320 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atidxx32.dll
- 2011-11-01 19:17 . 2012-03-08 10:15 1570824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-01 19:17 . 2012-03-08 15:08 1570824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-29 20:38 . 2012-02-29 20:38 6863872 c:\windows\Installer\3c967.msi
+ 2012-02-29 20:38 . 2012-02-29 20:38 1776128 c:\windows\Installer\3c94d.msi
+ 2012-02-29 20:43 . 2012-02-29 20:43 1479680 c:\windows\Installer\3c947.msi
+ 2012-02-29 20:33 . 2012-02-29 20:33 1892352 c:\windows\Installer\3c8aa.msi
+ 2012-02-29 20:33 . 2012-02-29 20:33 2807296 c:\windows\Installer\3c8a4.msi
+ 2012-02-29 20:37 . 2012-02-29 20:37 8300544 c:\windows\Installer\3c897.msi
- 2012-03-06 20:36 . 2012-03-06 20:36 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-06 20:36 . 2012-03-06 20:36 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-08 11:28 . 2012-03-08 11:28 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-14 02:34 . 2012-03-08 06:38 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-08 12:41 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-02-15 02:58 . 2012-02-15 02:58 19392000 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atioglxx.dll
+ 2012-02-15 03:21 . 2012-02-15 03:21 25839104 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atio6axx.dll
+ 2012-02-15 03:48 . 2012-02-15 03:48 10856960 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atikmdag.sys
+ 2012-02-15 02:34 . 2012-02-15 02:34 13859840 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticaldd64.dll
+ 2012-02-15 02:29 . 2012-02-15 02:29 11561984 c:\windows\system32\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\aticaldd.dll
+ 2011-11-01 19:17 . 2012-03-08 15:09 27312124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-395887479-143600493-1226420593-1000-8192.dat
+ 2012-02-29 20:39 . 2012-02-29 20:39 17397760 c:\windows\Installer\3c95b.msi
+ 2012-02-29 20:28 . 2012-02-29 20:28 14503936 c:\windows\Installer\3c941.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-13 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 AVerA706_x64;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-02-20 30528]
R3 TunngleService;TunngleService;d:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;WatAdminSvc; [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]
S2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-13 55936]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 21:15]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 21:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"combofix"="c:\combofix\CF643.3XE" [2009-07-14 344576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: Interfaces\{DEA89BBA-8318-44B4-A04E-7760AD9CC305}: NameServer = 82.144.128.1,82.144.129.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
FF - ProfilePath - c:\users\ShutterCZE\AppData\Roaming\Mozilla\Firefox\Profiles\d7do0x6d.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-395887479-143600493-1226420593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-395887479-143600493-1226420593-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-03-08 16:17:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-08 15:17
ComboFix2.txt 2012-03-08 10:26
.
Před spuštěním: 8 184 127 488
Po spuštění: 8 453 726 208
.
- - End Of File - - 721B81E45BE814B20604BF4128323F71
- shutterCZE
Re: Please check my log
HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:29, on 8.3.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\ShutterCZE\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEA89BBA-8318-44B4-A04E-7760AD9CC305}: NameServer = 82.144.128.1,82.144.129.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6719 bytes
Thanks for the help, the PC already seems faster now.
- shutterCZE
Re: Please check my log
The VirusTotal one is clean.
- shutterCZE
Re: Please check my log
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 16:30:00
-----------------------------
16:30:00.006 OS Version: Windows x64 6.1.7600
16:30:00.006 Number of processors: 2 586 0x6B02
16:30:00.008 ComputerName: GAMINGBOREC-PC UserName: ShutterCZE
16:30:00.701 Initialize success
16:30:00.868 AVAST engine defs: 12030800
16:32:05.023 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:32:05.035 Disk 0 Vendor: WDC_WD2500AAJS-00VTA0 01.01B01 Size: 238474MB BusType: 3
16:32:05.048 Disk 0 MBR read successfully
16:32:05.052 Disk 0 MBR scan
16:32:05.056 Disk 0 Windows 7 default MBR code
16:32:05.064 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 65536 MB offset 2048
16:32:05.086 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 172936 MB offset 134219776
16:32:05.131 Disk 0 scanning C:\Windows\system32\drivers
16:32:15.017 Service scanning
16:32:27.100 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:32:31.842 Modules scanning
16:32:31.865 Disk 0 trace - called modules:
16:32:31.888 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80025aa2c0]<<spri.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:32:32.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800282a790]
16:32:32.246 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8002807310]
16:32:32.253 5 ACPI.sys[fffff88000d9f781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800280c680]
16:32:32.262 \Driver\atapi[0xfffffa800263d760] -> IRP_MJ_CREATE -> 0xfffffa80025aa2c0
16:32:32.555 AVAST engine scan C:\Windows
16:32:34.624 AVAST engine scan C:\Windows\system32
16:35:09.847 AVAST engine scan C:\Windows\system32\drivers
16:35:22.514 AVAST engine scan C:\Users\ShutterCZE
16:39:58.732 AVAST engine scan C:\ProgramData
16:40:54.179 Scan finished successfully
16:43:34.049 Disk 0 MBR has been saved successfully to "C:\Users\ShutterCZE\Desktop\MBR.dat"
16:43:34.058 The log file has been saved successfully to "C:\Users\ShutterCZE\Desktop\aswMBR.txt"
- jaro3
- member of the Security team
Re: Please check my log
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, MWAV, etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.
How does it look now?
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- shutterCZE
Re: Please check my log
It's fine. Many thanks for your time and advice.
