
PC virus removal, computer speed-up, remote help through the neslape.cz service
FB deleted AVG ... Please help.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote help services, where an expert connects to your computer and obtains more details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.09 (written by random/random)
Run by ADELA at 2011-07-28 19:10:41
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 180 GB (75%) free of 238 GB
Total RAM: 3895 MB (65% free)
HijackThis download failed
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe" -sSONY_MEDIAMGR
"c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Program Files\OO Software\Defrag\oodag.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\update.5.0\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Windows\update.2\svchost.exe srv
C:\Windows\sysdriver32.exe srv
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\update.1\svchost.exe srv
WLIDSvcM.exe 2356
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\CNAB4RPD.EXE
"C:\Windows\update.2\svchost.exe" stand
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe"
"C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\update.tray-12-0\svchost.exe"
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\ADELA\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe" /crashhandler
"C:\Windows\systemup.exe" stand
"C:\Windows\l1rezerv.exe"
"C:\Windows\update.3\svchost.exe" stand
taskeng.exe {A5D43BC1-312B-44B1-A014-FCD8E5BE82E2}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-cfa5b3ef-4cdc-494a-b656-c3aa2e5157c9 -SystemEventPortName:HostProcess-ae014035-09dd-424a-ba43-0ca84e20d045 -IoCancelEventPortName:HostProcess-d55c4e0a-260a-4821-85af-be0abeba8b10 -NonStateChangingEventPortName:HostProcess-4ac7ca3d-fbcb-48dc-9254-3b467cfcbc36 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:497a3a60-5a20-41b3-ac6a-acefc44630a8
"F:\RSITx64.exe"
wmiadap.exe /R /T
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_0.dll [2010-10-18 3908192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-02-28 1048888]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_0.dll [2010-10-18 3908192]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-03-03 35672]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-03-09 595816]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-05-11 1050072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-02-26 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-02-26 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-02-26 410648]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-10 520760]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 505696]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-03-03 913720]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2010-04-06 1489760]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-02-23 705368]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-09-10 4041032]
"fssui"=C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [2010-09-23 884584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [2010-03-03 4581280]
"Google Update"=C:\Users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 136176]
"AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576]
"Meebo Notifier"=C:\Users\ADELA\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe [2010-07-14 818888]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]
"NBAgent"=c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-09 1086760]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"NPSStartup"= []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG10\avgtray.exe []
"wxpdrv"=C:\Windows\services32.exe [2011-07-15 1170432]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-12-0\svchost.exe [2011-07-15 1170432]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"7728081.exe"=C:\Windows\Temp\7728081.exe [2011-07-15 224768]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-25 256000]
"7101392.exe"=C:\Users\ADELA\AppData\Local\Temp\7101392.exe [2011-07-15 224768]
"systemup"=C:\Windows\systemup.exe [2011-07-15 114176]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-22 232960]
"conhost"=C:\Users\ADELA\AppData\Roaming\Microsoft\conhost.exe []
"w_distrib.exe"=C:\Windows\update.3\svchost.exe [2011-07-19 727552]
"29780710-loader2.exe"=C:\Windows\Temp\29780710-loader2.exe [2011-07-21 245760]
"57544953-loader2.exe"=C:\Users\ADELA\AppData\Local\Temp\57544953-loader2.exe [2011-07-21 245760]
"19107027-loader2.exe"=C:\Windows\Temp\19107027-loader2.exe [2011-07-22 249344]
"4521282.exe"=C:\Windows\Temp\4521282.exe [2011-07-23 495616]
"84173.exe"=C:\Windows\Temp\84173.exe [2011-07-25 256000]
"1841767.exe"=C:\Windows\Temp\1841767.exe [2011-07-27 502272]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Canon LBP2900 Status Window.lnk - C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-02-20 269824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-07-28 19:10:41 ----D---- C:\rsit
2011-07-28 19:10:41 ----D---- C:\Program Files\trend micro
2011-07-20 22:51:06 ----D---- C:\Users\ADELA\AppData\Roaming\Meebo
2011-07-19 12:43:05 ----A---- C:\Windows\w_distrib_iplist.txt
2011-07-19 12:42:43 ----HD---- C:\Windows\update.3
2011-07-19 09:52:37 ----AH---- C:\Windows\SYSWOW64\mlfcache.dat
2011-07-18 21:41:28 ----D---- C:\Program Files (x86)\Apple Software Update
2011-07-18 21:40:55 ----D---- C:\Program Files\Bonjour
2011-07-18 21:40:55 ----D---- C:\Program Files (x86)\Bonjour
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-17 10:54:32 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-17 10:54:32 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-15 22:06:48 ----AH---- C:\Windows\SYSWOW64\ezsidmv.dat
2011-07-15 19:19:35 ----A---- C:\Windows\ntbtlog.txt
2011-07-15 15:23:08 ----D---- C:\Windows\system32\SPReview
2011-07-15 15:22:02 ----D---- C:\Windows\system32\EventProviders
2011-07-15 15:20:05 ----D---- C:\Windows\ufa
2011-07-15 15:20:05 ----D---- C:\Windows\rpcminer
2011-07-15 15:20:05 ----D---- C:\Windows\phoenix
2011-07-15 15:20:04 ----A---- C:\Windows\unrar.exe
2011-07-15 15:19:28 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-15 15:19:25 ----A---- C:\Windows\ddh_iplist.txt
2011-07-15 15:19:24 ----A---- C:\Windows\l1rezerv.exe
2011-07-15 15:19:23 ----A---- C:\Windows\systemup.exe
2011-07-15 15:19:08 ----HD---- C:\Windows\update.5.0
2011-07-15 15:18:48 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-15 15:18:23 ----HD---- C:\Windows\update.2
2011-07-15 15:18:17 ----A---- C:\Windows\iplist.txt
2011-07-15 15:18:05 ----A---- C:\Windows\sysdriver32_.exe
2011-07-15 15:17:51 ----D---- C:\Windows\av_ico
2011-07-15 15:17:51 ----A---- C:\Windows\sysdriver32.exe
2011-07-15 15:17:23 ----A---- C:\Windows\front_ip_list.txt
2011-07-15 15:15:53 ----HD---- C:\Windows\update.1
2011-07-15 15:15:22 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-07-15 15:15:22 ----HD---- C:\Windows\update.tray-12-0
2011-07-15 15:05:17 ----A---- C:\Windows\winlog-ids.txt
2011-07-15 15:05:17 ----A---- C:\Windows\winlog-dirs.txt
2011-07-15 15:05:10 ----A---- C:\Windows\services32.exe
2011-07-14 22:47:23 ----A---- C:\Windows\system32\win32k.sys
2011-07-14 22:47:17 ----A---- C:\Windows\system32\kernel32.dll
2011-07-14 22:47:16 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-14 22:47:14 ----A---- C:\Windows\system32\wow64win.dll
2011-07-14 22:47:14 ----A---- C:\Windows\system32\wow64.dll
2011-07-14 22:47:14 ----A---- C:\Windows\system32\conhost.exe
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-14 22:47:13 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-14 22:47:13 ----A---- C:\Windows\system32\winsrv.dll
2011-07-14 22:47:13 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-14 22:47:08 ----A---- C:\Windows\SYSWOW64\user.exe
2011-06-29 15:22:41 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-29 15:22:41 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-29 15:22:41 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-06-29 15:22:41 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-29 15:22:41 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 15:22:41 ----A---- C:\Windows\system32\cfgmgr32.dll
2011-06-29 15:22:39 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 15:22:39 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 15:22:38 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-06-29 15:22:38 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-06-29 15:22:37 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-06-29 15:22:37 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-06-29 15:22:37 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-06-29 15:22:37 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 15:22:37 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 15:22:37 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 15:22:36 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-06-29 15:22:36 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-06-29 15:22:36 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-06-29 15:22:36 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 15:22:36 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 15:22:36 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 15:22:35 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-06-29 15:22:35 ----A---- C:\Windows\system32\msscntrs.dll
======List of files/folders modified in the last 1 month======
2011-07-28 19:10:41 ----RD---- C:\Program Files
2011-07-28 19:10:41 ----D---- C:\Windows\Temp
2011-07-28 18:50:18 ----A---- C:\Windows\SYSWOW64\log.txt
2011-07-28 18:49:44 ----D---- C:\Windows\system32\config
2011-07-28 18:46:33 ----D---- C:\Users\ADELA\AppData\Roaming\ICQ
2011-07-28 12:24:42 ----D---- C:\Users\ADELA\AppData\Roaming\Skype
2011-07-28 08:12:36 ----SHD---- C:\Windows\Installer
2011-07-26 11:07:07 ----SHD---- C:\System Volume Information
2011-07-25 21:36:12 ----D---- C:\Download
2011-07-23 13:19:36 ----D---- C:\Windows\Minidump
2011-07-23 13:19:31 ----D---- C:\Windows
2011-07-22 17:39:52 ----D---- C:\Windows\system32\catroot2
2011-07-20 10:13:51 ----D---- C:\Windows\system32\drivers
2011-07-20 10:13:43 ----SD---- C:\Users\ADELA\AppData\Roaming\Microsoft
2011-07-20 00:31:57 ----D---- C:\Windows\SysWOW64
2011-07-19 15:29:57 ----D---- C:\Program Files (x86)\Google
2011-07-19 13:06:49 ----D---- C:\Programy
2011-07-19 09:52:18 ----D---- C:\Users\ADELA\AppData\Roaming\Apple Computer
2011-07-18 21:41:29 ----D---- C:\Windows\system32\Tasks
2011-07-18 21:41:28 ----RD---- C:\Program Files (x86)
2011-07-18 21:40:56 ----D---- C:\Windows\System32
2011-07-18 11:07:09 ----RD---- C:\Program Files (x86)\Skype
2011-07-18 11:07:08 ----D---- C:\ProgramData\Skype
2011-07-18 11:07:05 ----D---- C:\Program Files (x86)\Common Files
2011-07-18 11:06:50 ----D---- C:\Users\ADELA\AppData\Roaming\skypePM
2011-07-17 22:48:12 ----D---- C:\Windows\Microsoft.NET
2011-07-17 22:47:37 ----RSD---- C:\Windows\assembly
2011-07-17 11:28:17 ----D---- C:\Windows\winsxs
2011-07-17 10:49:48 ----D---- C:\Windows\system32\catroot
2011-07-15 22:06:48 ----HD---- C:\ProgramData
2011-07-15 19:48:23 ----D---- C:\Windows\system32\drivers\etc
2011-07-15 19:29:37 ----D---- C:\Windows\inf
2011-07-15 19:29:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-15 15:45:11 ----D---- C:\Windows\system32\DriverStore
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Sidebar
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Portable Devices
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Media Player
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Mail
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Journal
2011-07-15 15:40:27 ----D---- C:\Program Files\DVD Maker
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Media Player
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Mail
2011-07-15 15:40:25 ----D---- C:\Windows\servicing
2011-07-15 15:40:25 ----D---- C:\Windows\ehome
2011-07-15 15:40:25 ----D---- C:\Program Files\Windows Defender
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\oobe
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\migration
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\da-DK
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\wbem
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\sppui
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\Setup
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\es-ES
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\cs
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-07-15 15:40:18 ----D---- C:\Windows\SYSWOW64\migwiz
2011-07-15 15:40:18 ----D---- C:\Windows\SYSWOW64\Dism
2011-07-15 15:40:05 ----D---- C:\Windows\system32\oobe
2011-07-15 15:40:05 ----D---- C:\Windows\system32\migration
2011-07-15 15:40:05 ----D---- C:\Windows\system32\en-US
2011-07-15 15:40:05 ----D---- C:\Windows\system32\da-DK
2011-07-15 15:40:04 ----D---- C:\Windows\system32\AdvancedInstallers
2011-07-15 15:40:02 ----D---- C:\Windows\system32\Setup
2011-07-15 15:40:02 ----D---- C:\Windows\system32\cs
2011-07-15 15:40:01 ----D---- C:\Windows\system32\sppui
2011-07-15 15:40:01 ----D---- C:\Windows\system32\manifeststore
2011-07-15 15:40:01 ----D---- C:\Windows\system32\es-ES
2011-07-15 15:40:01 ----D---- C:\Windows\system32\cs-CZ
2011-07-15 15:40:00 ----D---- C:\Windows\system32\wbem
2011-07-15 15:40:00 ----D---- C:\Windows\system32\migwiz
2011-07-15 15:40:00 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-07-15 15:40:00 ----D---- C:\Windows\system32\Dism
2011-07-15 15:39:46 ----RSD---- C:\Windows\Fonts
2011-07-15 15:39:45 ----D---- C:\Windows\AppPatch
2011-07-15 15:39:37 ----D---- C:\Windows\system32\Boot
2011-07-15 15:35:37 ----D---- C:\Program Files (x86)\Microsoft Office
2011-07-15 15:33:31 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-07-15 15:33:30 ----A---- C:\Windows\system32\msclmd.dll
2011-07-15 12:10:07 ----D---- C:\ProgramData\Skype Extras
2011-07-15 12:00:15 ----A---- C:\Windows\system32\MRT.exe
2011-07-15 11:50:28 ----D---- C:\Windows\system32\drivers\AVG
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 118864]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-02-20 10300800]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
R3 SynTP;Synaptics Pointing Device Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-05-08 20520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-01 232992]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-12-09 268824]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-27 502272]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-25 256000]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-15 1170432]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
S2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG10\avgfws.exe []
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-01 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Thank you in advance for your help.
Vladimír Brachtl
2011-07-28 18:49:44 ----D---- C:\Windows\system32\config
2011-07-28 18:46:33 ----D---- C:\Users\ADELA\AppData\Roaming\ICQ
2011-07-28 12:24:42 ----D---- C:\Users\ADELA\AppData\Roaming\Skype
2011-07-28 08:12:36 ----SHD---- C:\Windows\Installer
2011-07-26 11:07:07 ----SHD---- C:\System Volume Information
2011-07-25 21:36:12 ----D---- C:\Download
2011-07-23 13:19:36 ----D---- C:\Windows\Minidump
2011-07-23 13:19:31 ----D---- C:\Windows
2011-07-22 17:39:52 ----D---- C:\Windows\system32\catroot2
2011-07-20 10:13:51 ----D---- C:\Windows\system32\drivers
2011-07-20 10:13:43 ----SD---- C:\Users\ADELA\AppData\Roaming\Microsoft
2011-07-20 00:31:57 ----D---- C:\Windows\SysWOW64
2011-07-19 15:29:57 ----D---- C:\Program Files (x86)\Google
2011-07-19 13:06:49 ----D---- C:\Programy
2011-07-19 09:52:18 ----D---- C:\Users\ADELA\AppData\Roaming\Apple Computer
2011-07-18 21:41:29 ----D---- C:\Windows\system32\Tasks
2011-07-18 21:41:28 ----RD---- C:\Program Files (x86)
2011-07-18 21:40:56 ----D---- C:\Windows\System32
2011-07-18 11:07:09 ----RD---- C:\Program Files (x86)\Skype
2011-07-18 11:07:08 ----D---- C:\ProgramData\Skype
2011-07-18 11:07:05 ----D---- C:\Program Files (x86)\Common Files
2011-07-18 11:06:50 ----D---- C:\Users\ADELA\AppData\Roaming\skypePM
2011-07-17 22:48:12 ----D---- C:\Windows\Microsoft.NET
2011-07-17 22:47:37 ----RSD---- C:\Windows\assembly
2011-07-17 11:28:17 ----D---- C:\Windows\winsxs
2011-07-17 10:49:48 ----D---- C:\Windows\system32\catroot
2011-07-15 22:06:48 ----HD---- C:\ProgramData
2011-07-15 19:48:23 ----D---- C:\Windows\system32\drivers\etc
2011-07-15 19:29:37 ----D---- C:\Windows\inf
2011-07-15 19:29:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-15 15:45:11 ----D---- C:\Windows\system32\DriverStore
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Sidebar
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Portable Devices
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Media Player
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Mail
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Journal
2011-07-15 15:40:27 ----D---- C:\Program Files\DVD Maker
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Media Player
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Mail
2011-07-15 15:40:25 ----D---- C:\Windows\servicing
2011-07-15 15:40:25 ----D---- C:\Windows\ehome
2011-07-15 15:40:25 ----D---- C:\Program Files\Windows Defender
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\oobe
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\migration
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\da-DK
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\wbem
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\sppui
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\Setup
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\es-ES
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\cs
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-07-15 15:40:18 ----D---- C:\Windows\SYSWOW64\migwiz
2011-07-15 15:40:18 ----D---- C:\Windows\SYSWOW64\Dism
2011-07-15 15:40:05 ----D---- C:\Windows\system32\oobe
2011-07-15 15:40:05 ----D---- C:\Windows\system32\migration
2011-07-15 15:40:05 ----D---- C:\Windows\system32\en-US
2011-07-15 15:40:05 ----D---- C:\Windows\system32\da-DK
2011-07-15 15:40:04 ----D---- C:\Windows\system32\AdvancedInstallers
2011-07-15 15:40:02 ----D---- C:\Windows\system32\Setup
2011-07-15 15:40:02 ----D---- C:\Windows\system32\cs
2011-07-15 15:40:01 ----D---- C:\Windows\system32\sppui
2011-07-15 15:40:01 ----D---- C:\Windows\system32\manifeststore
2011-07-15 15:40:01 ----D---- C:\Windows\system32\es-ES
2011-07-15 15:40:01 ----D---- C:\Windows\system32\cs-CZ
2011-07-15 15:40:00 ----D---- C:\Windows\system32\wbem
2011-07-15 15:40:00 ----D---- C:\Windows\system32\migwiz
2011-07-15 15:40:00 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-07-15 15:40:00 ----D---- C:\Windows\system32\Dism
2011-07-15 15:39:46 ----RSD---- C:\Windows\Fonts
2011-07-15 15:39:45 ----D---- C:\Windows\AppPatch
2011-07-15 15:39:37 ----D---- C:\Windows\system32\Boot
2011-07-15 15:35:37 ----D---- C:\Program Files (x86)\Microsoft Office
2011-07-15 15:33:31 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-07-15 15:33:30 ----A---- C:\Windows\system32\msclmd.dll
2011-07-15 12:10:07 ----D---- C:\ProgramData\Skype Extras
2011-07-15 12:00:15 ----A---- C:\Windows\system32\MRT.exe
2011-07-15 11:50:28 ----D---- C:\Windows\system32\drivers\AVG
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 118864]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-02-20 10300800]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
R3 SynTP;Synaptics Pointing Device Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-05-08 20520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-01 232992]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-12-09 268824]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-27 502272]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-25 256000]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-15 1170432]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
S2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG10\avgfws.exe []
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-01 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Thank you in advance for your help.
Vladimír Brachtl
- Rudy
- Site Admin
Re: FB deleted AVG ... Please help.
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: FB deleted AVG ... Please help.
Good evening again.
Thank you very much for the quick reply.
I am only now getting around to posting the log.
Here it is:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verze databáze: 7312
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
28.7.2011 23:25:11
mbam-log-2011-07-28 (23-24-52).txt
Typ: Rychlá kontrola
Kontrolované objekty: 209739
Uplynulý čas: 3 minut, 45 sekund
Infikované procesy v paměti: 10
Infikované moduly v paměti: 0
Infikované klíče v registru: 9
Infikované hodnoty v registru: 19
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 109
Infikované procesy v paměti:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 1692 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2392 -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 4332 -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> 4892 -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 4908 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 524 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3536 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1840 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1984 -> No action taken.
c:\Windows\update.3\svchost.exe (Trojan.Agent) -> 4964 -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7728081.exe (Trojan.Agent) -> Value: 7728081.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7101392.exe (Trojan.Agent) -> Value: 7101392.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\29780710-loader2.exe (Trojan.Agent) -> Value: 29780710-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\57544953-loader2.exe (Trojan.Agent) -> Value: 57544953-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\19107027-loader2.exe (Trojan.Agent) -> Value: 19107027-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\84173.exe (Trojan.Agent) -> Value: 84173.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1841767.exe (Trojan.Agent) -> Value: 1841767.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4521282.exe (Trojan.Agent) -> Value: 4521282.exe -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w_distrib.exe (Trojan.Agent) -> Value: w_distrib.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.
Infikované soubory:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\7728081.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7101392.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\29780710-loader2.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\57544953-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\19107027-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\84173.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\dwm.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\27729083.exe (Trojan.Downloader) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\6614835.exe (Trojan.BCMiner) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\6768207.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7118327.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7441438.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7938662.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\8435333.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\8538741.exe (Trojan.Agent.H) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\8612306.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1383357.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1697542.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\2046714.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\Temp\2411038.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2472837.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\2724957.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3097449.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3188948.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\346980.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3588411.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3726726.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\44305_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\4533239.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4683943.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4750867.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\492119.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\5207666.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5208678.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5225100.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5231479.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5700599.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5957687.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\68142586.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\6932437.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\7029896.exe (Backdoor.Delf) -> No action taken.
c:\Windows\Temp\7100292.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7378649.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7394942.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7508984.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7553131.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7712460.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\Temp\795889.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8421628.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8453915.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\8572844.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\8802385.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8917414.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9019358.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\912229.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9303518.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9588535.exe (Trojan.Downloader) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\1642365.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\1693472.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\1817501.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7583383.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1112688.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1234782.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1292591.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1448616.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1454745.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1841767.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2288559.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2762095.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3169429.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3391153.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3550491.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4125736.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4150823.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4244724.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4521282.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4891143.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5136005.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5250405.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5817647.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6849233.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8516382.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9028984.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9292078.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\update.3\svchost.exe (Trojan.Agent) -> No action taken.
Thank you.......
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.
Infikované soubory:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\7728081.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7101392.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\29780710-loader2.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\57544953-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\19107027-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\84173.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\dwm.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\27729083.exe (Trojan.Downloader) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\6614835.exe (Trojan.BCMiner) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\6768207.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7118327.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7441438.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7938662.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\8435333.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\8538741.exe (Trojan.Agent.H) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\8612306.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1383357.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1697542.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\2046714.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\Temp\2411038.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2472837.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\2724957.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3097449.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3188948.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\346980.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3588411.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3726726.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\44305_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\4533239.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4683943.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4750867.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\492119.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\5207666.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5208678.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5225100.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5231479.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5700599.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5957687.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\68142586.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\6932437.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\7029896.exe (Backdoor.Delf) -> No action taken.
c:\Windows\Temp\7100292.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7378649.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7394942.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7508984.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7553131.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7712460.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\Temp\795889.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8421628.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8453915.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\8572844.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\8802385.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8917414.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9019358.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\912229.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9303518.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9588535.exe (Trojan.Downloader) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\1642365.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\1693472.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\1817501.exe (Trojan.Agent) -> No action taken.
c:\Users\ADELA\AppData\Local\Temp\7583383.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1112688.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1234782.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1292591.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1448616.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1454745.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1841767.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2288559.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2762095.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3169429.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3391153.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3550491.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4125736.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4150823.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4244724.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4521282.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4891143.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5136005.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5250405.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5817647.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6849233.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8516382.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9028984.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9292078.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\update.3\svchost.exe (Trojan.Agent) -> No action taken.
Thank you.......
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB deleted AVG ... Please help.
Delete everything MBAM found. Restart and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: FB deleted AVG ... Please help.
Thank you...
I'll get started on it in a moment.
Thank you.
Re: FB deleted AVG ... Please help.
Good afternoon once again.
I ran the scan and removed all items in safe mode.
I then ran another scan, and it came back with no positive findings. How should I proceed, please?
Thank you for your reply.
V.Brachtl
- Rudy
- Site Admin
Re: FB deleted AVG ... Please help.
Post a new RSIT log. Restart the PC before that.
Re: FB deleted AVG ... Please help.
It worked.
I'm attaching the log here:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verze databáze: 7328
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
30.7.2011 21:23:09
mbam-log-2011-07-30 (21-23-09).txt
Typ: Rychlá kontrola
Kontrolované objekty: 209387
Uplynulý čas: 3 minut, 46 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
It looks like it's clean...
What should I do next, please?
- Rudy
- Site Admin
Re: FB deleted AVG ... Please help.
This is the MBAM log. I need the RSIT one (like the one in your first post).
Re: FB deleted AVG ... Please help.
I apologize.
Here is the log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by ADELA at 2011-07-30 22:42:51
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 189 GB (79%) free of 238 GB
Total RAM: 3895 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:42:55, on 30.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Users\ADELA\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ADELA.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_0.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_0.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_0.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [84173.exe] "C:\Windows\Temp\84173.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Users\ADELA\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ 7.5\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ 7.5\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - Unknown owner - C:\Program Files (x86)\AVG\AVG10\avgfws.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15124 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe" -sSONY_MEDIAMGR
"c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Program Files\OO Software\Defrag\oodag.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\CNAB4RPD.EXE
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2516
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\OO Software\Defrag\oodtray.exe"
"C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe"
"C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe"
"C:\Users\ADELA\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\igfxext.exe -Embedding
"C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
taskeng.exe {2D1C13CA-622A-4ABD-8F11-06B2225C05AB}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=4700.03E9A468.566007680 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ADELA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll" --lang=cs --channel=4700.01EAEF38.1878566092 /prefetch:4
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_5/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=4700.083622E8.734481353 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\ADELA\AppData\Local\Google\Chrome\APPLIC~1\120742~1.122\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ADELA\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll" --lang=cs --channel=4700.08417E60.1521667106 /prefetch:4 --flash-broker=4824
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dd24505a-ec86-47c2-8d35-8dadf552b04b -SystemEventPortName:HostProcess-91c498fd-4a74-4056-bcd6-753f0128b07e -IoCancelEventPortName:HostProcess-c200a719-14d0-494f-bd03-01b675d6911e -NonStateChangingEventPortName:HostProcess-0f883d28-76ee-4f21-81e2-f228fb18c151 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:723636f8-6ce3-40ba-9899-1b4a907ae350
"F:\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_0.dll [2010-10-18 3908192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-02-28 1048888]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_0.dll [2010-10-18 3908192]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-03-03 35672]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-03-09 595816]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-05-11 1050072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-02-26 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-02-26 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-02-26 410648]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-10 520760]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 505696]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-03-03 913720]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2010-04-06 1489760]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-02-23 705368]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-09-10 4041032]
"fssui"=C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [2010-09-23 884584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [2010-03-03 4581280]
"Google Update"=C:\Users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 136176]
"AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576]
"Meebo Notifier"=C:\Users\ADELA\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe [2010-07-14 818888]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]
"NBAgent"=c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-09 1086760]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"NPSStartup"= []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG10\avgtray.exe []
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"84173.exe"=C:\Windows\Temp\84173.exe []
"Malwarebytes' Anti-Malware"=C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Canon LBP2900 Status Window.lnk - C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-02-20 269824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-07-28 21:23:40 ----D---- C:\Users\ADELA\AppData\Roaming\Malwarebytes
2011-07-28 21:23:21 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-07-28 21:23:20 ----D---- C:\ProgramData\Malwarebytes
2011-07-28 21:23:17 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-28 19:10:41 ----D---- C:\rsit
2011-07-28 19:10:41 ----D---- C:\Program Files\trend micro
2011-07-20 22:51:06 ----D---- C:\Users\ADELA\AppData\Roaming\Meebo
2011-07-19 12:43:05 ----A---- C:\Windows\w_distrib_iplist.txt
2011-07-19 12:42:43 ----HD---- C:\Windows\update.3
2011-07-19 09:52:37 ----AH---- C:\Windows\SYSWOW64\mlfcache.dat
2011-07-18 21:41:28 ----D---- C:\Program Files (x86)\Apple Software Update
2011-07-18 21:40:55 ----D---- C:\Program Files\Bonjour
2011-07-18 21:40:55 ----D---- C:\Program Files (x86)\Bonjour
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-17 10:54:32 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-17 10:54:32 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-15 22:06:48 ----AH---- C:\Windows\SYSWOW64\ezsidmv.dat
2011-07-15 19:19:35 ----A---- C:\Windows\ntbtlog.txt
2011-07-15 15:23:08 ----D---- C:\Windows\system32\SPReview
2011-07-15 15:22:02 ----D---- C:\Windows\system32\EventProviders
2011-07-15 15:20:05 ----D---- C:\Windows\ufa
2011-07-15 15:20:05 ----D---- C:\Windows\phoenix
2011-07-15 15:20:04 ----A---- C:\Windows\unrar.exe
2011-07-15 15:19:28 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-15 15:19:25 ----A---- C:\Windows\ddh_iplist.txt
2011-07-15 15:19:08 ----HD---- C:\Windows\update.5.0
2011-07-15 15:18:48 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-15 15:18:23 ----HD---- C:\Windows\update.2
2011-07-15 15:18:17 ----A---- C:\Windows\iplist.txt
2011-07-15 15:17:51 ----D---- C:\Windows\av_ico
2011-07-15 15:17:23 ----A---- C:\Windows\front_ip_list.txt
2011-07-15 15:15:53 ----HD---- C:\Windows\update.1
2011-07-15 15:15:22 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-07-15 15:15:22 ----HD---- C:\Windows\update.tray-12-0
2011-07-15 15:05:17 ----A---- C:\Windows\winlog-ids.txt
2011-07-15 15:05:17 ----A---- C:\Windows\winlog-dirs.txt
2011-07-14 22:47:23 ----A---- C:\Windows\system32\win32k.sys
2011-07-14 22:47:17 ----A---- C:\Windows\system32\kernel32.dll
2011-07-14 22:47:16 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-14 22:47:14 ----A---- C:\Windows\system32\wow64win.dll
2011-07-14 22:47:14 ----A---- C:\Windows\system32\wow64.dll
2011-07-14 22:47:14 ----A---- C:\Windows\system32\conhost.exe
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-14 22:47:13 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-14 22:47:13 ----A---- C:\Windows\system32\winsrv.dll
2011-07-14 22:47:13 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-14 22:47:08 ----A---- C:\Windows\SYSWOW64\user.exe
======List of files/folders modified in the last 1 month======
2011-07-30 22:42:55 ----D---- C:\Windows\Prefetch
2011-07-30 22:42:49 ----D---- C:\Windows\Temp
2011-07-30 22:34:42 ----A---- C:\Windows\SYSWOW64\log.txt
2011-07-30 21:42:17 ----D---- C:\Windows\system32\config
2011-07-30 21:10:25 ----SHD---- C:\System Volume Information
2011-07-30 20:41:48 ----D---- C:\Download
2011-07-30 17:21:08 ----D---- C:\Windows
2011-07-28 21:23:21 ----D---- C:\Windows\SYSWOW64\drivers
2011-07-28 21:23:20 ----HD---- C:\ProgramData
2011-07-28 21:23:17 ----D---- C:\Windows\system32\drivers
2011-07-28 21:23:17 ----D---- C:\Programy
2011-07-28 20:37:51 ----D---- C:\Windows\rescache
2011-07-28 19:13:46 ----D---- C:\Windows\System32
2011-07-28 19:13:46 ----D---- C:\Windows\inf
2011-07-28 19:13:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-28 19:10:41 ----RD---- C:\Program Files
2011-07-28 18:46:33 ----D---- C:\Users\ADELA\AppData\Roaming\ICQ
2011-07-28 12:24:42 ----D---- C:\Users\ADELA\AppData\Roaming\Skype
2011-07-28 08:12:36 ----SHD---- C:\Windows\Installer
2011-07-23 13:19:36 ----D---- C:\Windows\Minidump
2011-07-22 17:39:52 ----D---- C:\Windows\system32\catroot2
2011-07-20 10:13:43 ----SD---- C:\Users\ADELA\AppData\Roaming\Microsoft
2011-07-20 00:31:57 ----D---- C:\Windows\SysWOW64
2011-07-19 15:29:57 ----D---- C:\Program Files (x86)\Google
2011-07-19 09:52:18 ----D---- C:\Users\ADELA\AppData\Roaming\Apple Computer
2011-07-18 21:41:29 ----D---- C:\Windows\system32\Tasks
2011-07-18 21:41:28 ----RD---- C:\Program Files (x86)
2011-07-18 11:07:09 ----RD---- C:\Program Files (x86)\Skype
2011-07-18 11:07:08 ----D---- C:\ProgramData\Skype
2011-07-18 11:07:05 ----D---- C:\Program Files (x86)\Common Files
2011-07-18 11:06:50 ----D---- C:\Users\ADELA\AppData\Roaming\skypePM
2011-07-17 22:48:12 ----D---- C:\Windows\Microsoft.NET
2011-07-17 22:47:37 ----RSD---- C:\Windows\assembly
2011-07-17 11:28:17 ----D---- C:\Windows\winsxs
2011-07-17 10:49:48 ----D---- C:\Windows\system32\catroot
2011-07-15 19:48:23 ----D---- C:\Windows\system32\drivers\etc
2011-07-15 15:45:11 ----D---- C:\Windows\system32\DriverStore
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Sidebar
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Portable Devices
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Media Player
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Mail
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Journal
2011-07-15 15:40:27 ----D---- C:\Program Files\DVD Maker
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Media Player
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Mail
2011-07-15 15:40:25 ----D---- C:\Windows\servicing
2011-07-15 15:40:25 ----D---- C:\Windows\ehome
2011-07-15 15:40:25 ----D---- C:\Program Files\Windows Defender
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\oobe
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\migration
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\da-DK
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\wbem
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\sppui
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\Setup
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\es-ES
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\cs
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-07-15 15:40:18 ----D---- C:\Windows\SYSWOW64\migwiz
2011-07-15 15:40:18 ----D---- C:\Windows\SYSWOW64\Dism
2011-07-15 15:40:05 ----D---- C:\Windows\system32\oobe
2011-07-15 15:40:05 ----D---- C:\Windows\system32\migration
2011-07-15 15:40:05 ----D---- C:\Windows\system32\en-US
2011-07-15 15:40:05 ----D---- C:\Windows\system32\da-DK
2011-07-15 15:40:04 ----D---- C:\Windows\system32\AdvancedInstallers
2011-07-15 15:40:02 ----D---- C:\Windows\system32\Setup
2011-07-15 15:40:02 ----D---- C:\Windows\system32\cs
2011-07-15 15:40:01 ----D---- C:\Windows\system32\sppui
2011-07-15 15:40:01 ----D---- C:\Windows\system32\manifeststore
2011-07-15 15:40:01 ----D---- C:\Windows\system32\es-ES
2011-07-15 15:40:01 ----D---- C:\Windows\system32\cs-CZ
2011-07-15 15:40:00 ----D---- C:\Windows\system32\wbem
2011-07-15 15:40:00 ----D---- C:\Windows\system32\migwiz
2011-07-15 15:40:00 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-07-15 15:40:00 ----D---- C:\Windows\system32\Dism
2011-07-15 15:39:46 ----RSD---- C:\Windows\Fonts
2011-07-15 15:39:45 ----D---- C:\Windows\AppPatch
2011-07-15 15:39:37 ----D---- C:\Windows\system32\Boot
2011-07-15 15:35:37 ----D---- C:\Program Files (x86)\Microsoft Office
2011-07-15 15:33:31 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-07-15 15:33:30 ----A---- C:\Windows\system32\msclmd.dll
2011-07-15 12:10:07 ----D---- C:\ProgramData\Skype Extras
2011-07-15 12:00:15 ----A---- C:\Windows\system32\MRT.exe
2011-07-15 11:50:28 ----D---- C:\Windows\system32\drivers\AVG
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 118864]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-02-20 10300800]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 25912]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
R3 SynTP;Synaptics Pointing Device Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-05-08 20520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-01 232992]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-12-09 268824]
R2 MBAMService;MBAMService; C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
S2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG10\avgfws.exe []
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-01 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Thank you.
V.Brachtl
So, here is the log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by ADELA at 2011-07-30 22:42:51
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 189 GB (79%) free of 238 GB
Total RAM: 3895 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:42:55, on 30.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Users\ADELA\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ADELA.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_0.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_0.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_0.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [84173.exe] "C:\Windows\Temp\84173.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Users\ADELA\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ 7.5\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ 7.5\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - Unknown owner - C:\Program Files (x86)\AVG\AVG10\avgfws.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15124 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe" -sSONY_MEDIAMGR
"c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Program Files\OO Software\Defrag\oodag.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\CNAB4RPD.EXE
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2516
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\OO Software\Defrag\oodtray.exe"
"C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe"
"C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe"
"C:\Users\ADELA\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\igfxext.exe -Embedding
"C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
taskeng.exe {2D1C13CA-622A-4ABD-8F11-06B2225C05AB}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=4700.03E9A468.566007680 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ADELA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll" --lang=cs --channel=4700.01EAEF38.1878566092 /prefetch:4
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_5/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=4700.083622E8.734481353 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\ADELA\AppData\Local\Google\Chrome\APPLIC~1\120742~1.122\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\ADELA\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ADELA\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll" --lang=cs --channel=4700.08417E60.1521667106 /prefetch:4 --flash-broker=4824
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dd24505a-ec86-47c2-8d35-8dadf552b04b -SystemEventPortName:HostProcess-91c498fd-4a74-4056-bcd6-753f0128b07e -IoCancelEventPortName:HostProcess-c200a719-14d0-494f-bd03-01b675d6911e -NonStateChangingEventPortName:HostProcess-0f883d28-76ee-4f21-81e2-f228fb18c151 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:723636f8-6ce3-40ba-9899-1b4a907ae350
"F:\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_0.dll [2010-10-18 3908192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-02-28 1048888]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_0.dll [2010-10-18 3908192]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-03-03 35672]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-03-09 595816]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-05-11 1050072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-02-26 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-02-26 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-02-26 410648]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-10 520760]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 505696]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-03-03 913720]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2010-04-06 1489760]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-02-23 705368]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-09-10 4041032]
"fssui"=C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [2010-09-23 884584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [2010-03-03 4581280]
"Google Update"=C:\Users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 136176]
"AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576]
"Meebo Notifier"=C:\Users\ADELA\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe [2010-07-14 818888]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]
"NBAgent"=c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-09 1086760]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"NPSStartup"= []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG10\avgtray.exe []
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"84173.exe"=C:\Windows\Temp\84173.exe []
"Malwarebytes' Anti-Malware"=C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Canon LBP2900 Status Window.lnk - C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-02-20 269824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-07-28 21:23:40 ----D---- C:\Users\ADELA\AppData\Roaming\Malwarebytes
2011-07-28 21:23:21 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-07-28 21:23:20 ----D---- C:\ProgramData\Malwarebytes
2011-07-28 21:23:17 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-28 19:10:41 ----D---- C:\rsit
2011-07-28 19:10:41 ----D---- C:\Program Files\trend micro
2011-07-20 22:51:06 ----D---- C:\Users\ADELA\AppData\Roaming\Meebo
2011-07-19 12:43:05 ----A---- C:\Windows\w_distrib_iplist.txt
2011-07-19 12:42:43 ----HD---- C:\Windows\update.3
2011-07-19 09:52:37 ----AH---- C:\Windows\SYSWOW64\mlfcache.dat
2011-07-18 21:41:28 ----D---- C:\Program Files (x86)\Apple Software Update
2011-07-18 21:40:55 ----D---- C:\Program Files\Bonjour
2011-07-18 21:40:55 ----D---- C:\Program Files (x86)\Bonjour
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-17 10:54:32 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-17 10:54:32 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-17 10:54:32 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-17 10:54:31 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-15 22:06:48 ----AH---- C:\Windows\SYSWOW64\ezsidmv.dat
2011-07-15 19:19:35 ----A---- C:\Windows\ntbtlog.txt
2011-07-15 15:23:08 ----D---- C:\Windows\system32\SPReview
2011-07-15 15:22:02 ----D---- C:\Windows\system32\EventProviders
2011-07-15 15:20:05 ----D---- C:\Windows\ufa
2011-07-15 15:20:05 ----D---- C:\Windows\phoenix
2011-07-15 15:20:04 ----A---- C:\Windows\unrar.exe
2011-07-15 15:19:28 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-15 15:19:25 ----A---- C:\Windows\ddh_iplist.txt
2011-07-15 15:19:08 ----HD---- C:\Windows\update.5.0
2011-07-15 15:18:48 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-15 15:18:23 ----HD---- C:\Windows\update.2
2011-07-15 15:18:17 ----A---- C:\Windows\iplist.txt
2011-07-15 15:17:51 ----D---- C:\Windows\av_ico
2011-07-15 15:17:23 ----A---- C:\Windows\front_ip_list.txt
2011-07-15 15:15:53 ----HD---- C:\Windows\update.1
2011-07-15 15:15:22 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-07-15 15:15:22 ----HD---- C:\Windows\update.tray-12-0
2011-07-15 15:05:17 ----A---- C:\Windows\winlog-ids.txt
2011-07-15 15:05:17 ----A---- C:\Windows\winlog-dirs.txt
2011-07-14 22:47:23 ----A---- C:\Windows\system32\win32k.sys
2011-07-14 22:47:17 ----A---- C:\Windows\system32\kernel32.dll
2011-07-14 22:47:16 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-14 22:47:14 ----A---- C:\Windows\system32\wow64win.dll
2011-07-14 22:47:14 ----A---- C:\Windows\system32\wow64.dll
2011-07-14 22:47:14 ----A---- C:\Windows\system32\conhost.exe
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-14 22:47:13 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-14 22:47:13 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-14 22:47:13 ----A---- C:\Windows\system32\winsrv.dll
2011-07-14 22:47:13 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-14 22:47:08 ----A---- C:\Windows\SYSWOW64\user.exe
======List of files/folders modified in the last 1 month======
2011-07-30 22:42:55 ----D---- C:\Windows\Prefetch
2011-07-30 22:42:49 ----D---- C:\Windows\Temp
2011-07-30 22:34:42 ----A---- C:\Windows\SYSWOW64\log.txt
2011-07-30 21:42:17 ----D---- C:\Windows\system32\config
2011-07-30 21:10:25 ----SHD---- C:\System Volume Information
2011-07-30 20:41:48 ----D---- C:\Download
2011-07-30 17:21:08 ----D---- C:\Windows
2011-07-28 21:23:21 ----D---- C:\Windows\SYSWOW64\drivers
2011-07-28 21:23:20 ----HD---- C:\ProgramData
2011-07-28 21:23:17 ----D---- C:\Windows\system32\drivers
2011-07-28 21:23:17 ----D---- C:\Programy
2011-07-28 20:37:51 ----D---- C:\Windows\rescache
2011-07-28 19:13:46 ----D---- C:\Windows\System32
2011-07-28 19:13:46 ----D---- C:\Windows\inf
2011-07-28 19:13:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-28 19:10:41 ----RD---- C:\Program Files
2011-07-28 18:46:33 ----D---- C:\Users\ADELA\AppData\Roaming\ICQ
2011-07-28 12:24:42 ----D---- C:\Users\ADELA\AppData\Roaming\Skype
2011-07-28 08:12:36 ----SHD---- C:\Windows\Installer
2011-07-23 13:19:36 ----D---- C:\Windows\Minidump
2011-07-22 17:39:52 ----D---- C:\Windows\system32\catroot2
2011-07-20 10:13:43 ----SD---- C:\Users\ADELA\AppData\Roaming\Microsoft
2011-07-20 00:31:57 ----D---- C:\Windows\SysWOW64
2011-07-19 15:29:57 ----D---- C:\Program Files (x86)\Google
2011-07-19 09:52:18 ----D---- C:\Users\ADELA\AppData\Roaming\Apple Computer
2011-07-18 21:41:29 ----D---- C:\Windows\system32\Tasks
2011-07-18 21:41:28 ----RD---- C:\Program Files (x86)
2011-07-18 11:07:09 ----RD---- C:\Program Files (x86)\Skype
2011-07-18 11:07:08 ----D---- C:\ProgramData\Skype
2011-07-18 11:07:05 ----D---- C:\Program Files (x86)\Common Files
2011-07-18 11:06:50 ----D---- C:\Users\ADELA\AppData\Roaming\skypePM
2011-07-17 22:48:12 ----D---- C:\Windows\Microsoft.NET
2011-07-17 22:47:37 ----RSD---- C:\Windows\assembly
2011-07-17 11:28:17 ----D---- C:\Windows\winsxs
2011-07-17 10:49:48 ----D---- C:\Windows\system32\catroot
2011-07-15 19:48:23 ----D---- C:\Windows\system32\drivers\etc
2011-07-15 15:45:11 ----D---- C:\Windows\system32\DriverStore
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Sidebar
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Portable Devices
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Media Player
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Mail
2011-07-15 15:40:27 ----D---- C:\Program Files\Windows Journal
2011-07-15 15:40:27 ----D---- C:\Program Files\DVD Maker
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Media Player
2011-07-15 15:40:27 ----D---- C:\Program Files (x86)\Windows Mail
2011-07-15 15:40:25 ----D---- C:\Windows\servicing
2011-07-15 15:40:25 ----D---- C:\Windows\ehome
2011-07-15 15:40:25 ----D---- C:\Program Files\Windows Defender
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\oobe
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\migration
2011-07-15 15:40:20 ----D---- C:\Windows\SYSWOW64\da-DK
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\wbem
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\sppui
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\Setup
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\es-ES
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\cs
2011-07-15 15:40:19 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-07-15 15:40:18 ----D---- C:\Windows\SYSWOW64\migwiz
2011-07-15 15:40:18 ----D---- C:\Windows\SYSWOW64\Dism
2011-07-15 15:40:05 ----D---- C:\Windows\system32\oobe
2011-07-15 15:40:05 ----D---- C:\Windows\system32\migration
2011-07-15 15:40:05 ----D---- C:\Windows\system32\en-US
2011-07-15 15:40:05 ----D---- C:\Windows\system32\da-DK
2011-07-15 15:40:04 ----D---- C:\Windows\system32\AdvancedInstallers
2011-07-15 15:40:02 ----D---- C:\Windows\system32\Setup
2011-07-15 15:40:02 ----D---- C:\Windows\system32\cs
2011-07-15 15:40:01 ----D---- C:\Windows\system32\sppui
2011-07-15 15:40:01 ----D---- C:\Windows\system32\manifeststore
2011-07-15 15:40:01 ----D---- C:\Windows\system32\es-ES
2011-07-15 15:40:01 ----D---- C:\Windows\system32\cs-CZ
2011-07-15 15:40:00 ----D---- C:\Windows\system32\wbem
2011-07-15 15:40:00 ----D---- C:\Windows\system32\migwiz
2011-07-15 15:40:00 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-07-15 15:40:00 ----D---- C:\Windows\system32\Dism
2011-07-15 15:39:46 ----RSD---- C:\Windows\Fonts
2011-07-15 15:39:45 ----D---- C:\Windows\AppPatch
2011-07-15 15:39:37 ----D---- C:\Windows\system32\Boot
2011-07-15 15:35:37 ----D---- C:\Program Files (x86)\Microsoft Office
2011-07-15 15:33:31 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-07-15 15:33:30 ----A---- C:\Windows\system32\msclmd.dll
2011-07-15 12:10:07 ----D---- C:\ProgramData\Skype Extras
2011-07-15 12:00:15 ----A---- C:\Windows\system32\MRT.exe
2011-07-15 11:50:28 ----D---- C:\Windows\system32\drivers\AVG
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 118864]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-02-20 10300800]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 25912]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
R3 SynTP;Synaptics Pointing Device Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-05-08 20520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-01 232992]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-12-09 268824]
R2 MBAMService;MBAMService; C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
S2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG10\avgfws.exe []
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-01 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Thank you.
V.Brachtl
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB deleted AVG ... Please help.
There are still remnants there. Run a ComboFix scan and post the log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.
feel free to put on some coffee (the whole process takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else
do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)
warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: FB deleted AVG ... Please help.
I hope it worked.
I am attaching the log here.
ComboFix 11-07-31.01 - ADELA 30.07.2011 23:03:39.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3895.2332 [GMT 2:00]
Spuštěný z: c:\users\ADELA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\ADELA\AppData\Roaming\EurekaLog
c:\users\ADELA\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\system
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.3
c:\windows\update.5.0
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-30 21:16 . 2011-07-30 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 21:16 . 2011-07-30 21:16 -------- d-----w- c:\users\Who\AppData\Local\temp
2011-07-30 21:16 . 2011-07-30 21:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-30 19:10 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01ED99C0-55DA-427C-9ED3-ECA0687F67F1}\mpengine.dll
2011-07-28 19:23 . 2011-07-28 19:23 -------- d-----w- c:\users\ADELA\AppData\Roaming\Malwarebytes
2011-07-28 19:23 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-28 19:23 . 2011-07-28 19:23 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 19:23 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 17:10 . 2011-07-30 20:57 -------- d-----w- C:\rsit
2011-07-28 17:10 . 2011-07-30 20:55 -------- d-----w- c:\program files\trend micro
2011-07-20 20:51 . 2011-07-20 20:51 -------- d-----w- c:\users\ADELA\AppData\Roaming\Meebo
2011-07-20 20:51 . 2011-07-20 20:51 -------- d-----w- c:\users\ADELA\AppData\Local\Meebo
2011-07-18 19:41 . 2011-07-18 19:41 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-18 19:40 . 2011-07-18 19:40 -------- d-----w- c:\program files\Bonjour
2011-07-18 19:40 . 2011-07-18 19:40 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-15 13:23 . 2011-07-15 13:23 -------- d-----w- c:\windows\system32\SPReview
2011-07-15 13:22 . 2011-07-15 13:22 -------- d-----w- c:\windows\system32\EventProviders
2011-07-15 13:20 . 2011-07-15 13:20 -------- d-----w- c:\windows\ufa
2011-07-15 13:20 . 2011-07-17 18:30 246272 ----a-w- c:\windows\unrar.exe
2011-07-15 13:17 . 2011-07-15 13:17 -------- d-----w- c:\windows\av_ico
2011-07-15 13:15 . 2011-07-30 20:32 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-15 13:15 . 2011-07-30 15:20 -------- d--h--w- c:\windows\update.tray-12-0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-15 13:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-04 14:15 . 2011-06-04 14:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-04 14:15 . 2011-06-04 14:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-04 14:15 . 2011-06-04 14:15 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-04 14:15 . 2011-06-04 14:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-04 14:15 . 2011-06-04 14:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-04 14:15 . 2011-06-04 14:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-04 14:15 . 2011-06-04 14:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-04 14:15 . 2011-06-04 14:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-04 14:15 . 2011-06-04 14:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-04 14:15 . 2011-06-04 14:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-04 14:15 . 2011-06-04 14:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-04 14:15 . 2011-06-04 14:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-04 14:15 . 2011-06-04 14:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-04 14:15 . 2011-06-04 14:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-04 14:15 . 2011-06-04 14:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-04 14:15 . 2011-06-04 14:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-04 14:15 . 2011-06-04 14:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-04 14:15 . 2011-06-04 14:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-04 14:15 . 2011-06-04 14:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-04 14:15 . 2011-06-04 14:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-04 14:15 . 2011-06-04 14:15 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-04 14:15 . 2011-06-04 14:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-04 14:15 . 2011-06-04 14:15 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-04 14:15 . 2011-06-04 14:15 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-04 14:15 . 2011-06-04 14:15 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-04 14:15 . 2011-06-04 14:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-04 14:15 . 2011-06-04 14:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-04 14:15 . 2011-06-04 14:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-04 14:15 . 2011-06-04 14:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-04 14:15 . 2011-06-04 14:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-04 14:15 . 2011-06-04 14:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-04 14:15 . 2011-06-04 14:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-04 14:15 . 2011-06-04 14:15 448512 ----a-w- c:\windows\system32\html.iec
2011-06-04 14:15 . 2011-06-04 14:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-04 14:15 . 2011-06-04 14:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-04 14:15 . 2011-06-04 14:15 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-04 14:15 . 2011-06-04 14:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-04 14:15 . 2011-06-04 14:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-03 05:57 . 2011-07-14 20:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2011-05-06 18:09 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 13:22 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 13:22 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 13:22 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 13:22 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 13:22 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-04 05:25 . 2011-06-29 13:22 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-06-29 13:22 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-06-29 13:22 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-06-29 13:22 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-06-29 13:22 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:22 . 2011-06-29 13:22 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:19 . 2011-06-29 13:22 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-06-29 13:22 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-06-29 13:22 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:34 . 2011-06-29 13:22 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:32 . 2011-06-29 13:22 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:32 . 2011-06-29 13:22 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:32 . 2011-06-29 13:22 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:32 . 2011-06-29 13:22 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 13:22 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 13:22 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 13:22 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 04:28 . 2011-06-29 13:22 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-03 05:29 . 2011-06-15 20:17 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 20:17 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\BS_Player\tbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Meebo Notifier"="c:\users\ADELA\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Who\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2011-2-1 60384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
S2 MBAMService;MBAMService;c:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 13:52]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 13:52]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000Core.job
- c:\users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 19:11]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000UA.job
- c:\users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 19:11]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001Core.job
- c:\users\Who\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 16:57]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001UA.job
- c:\users\Who\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 16:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-10 4041032]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-09-22 884584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy\ICQ 7.5\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 81.92.145.2 81.92.145.227 10.110.72.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG10\avgtray.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2958160234-2159953125-3628841175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2958160234-2159953125-3628841175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-07-30 23:43:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-30 21:43
.
Před spuštěním: Volných bajtů: 198 385 774 592
Po spuštění: Volných bajtů: 200 042 332 160
.
- - End Of File - - 2AFAFD94C06959BE01F4C8BE400C0FF7
Thank you.
I am attaching the log here.
ComboFix 11-07-31.01 - ADELA 30.07.2011 23:03:39.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3895.2332 [GMT 2:00]
Spuštěný z: c:\users\ADELA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\ADELA\AppData\Roaming\EurekaLog
c:\users\ADELA\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\system
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.3
c:\windows\update.5.0
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-30 21:16 . 2011-07-30 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 21:16 . 2011-07-30 21:16 -------- d-----w- c:\users\Who\AppData\Local\temp
2011-07-30 21:16 . 2011-07-30 21:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-30 19:10 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01ED99C0-55DA-427C-9ED3-ECA0687F67F1}\mpengine.dll
2011-07-28 19:23 . 2011-07-28 19:23 -------- d-----w- c:\users\ADELA\AppData\Roaming\Malwarebytes
2011-07-28 19:23 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-28 19:23 . 2011-07-28 19:23 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 19:23 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 17:10 . 2011-07-30 20:57 -------- d-----w- C:\rsit
2011-07-28 17:10 . 2011-07-30 20:55 -------- d-----w- c:\program files\trend micro
2011-07-20 20:51 . 2011-07-20 20:51 -------- d-----w- c:\users\ADELA\AppData\Roaming\Meebo
2011-07-20 20:51 . 2011-07-20 20:51 -------- d-----w- c:\users\ADELA\AppData\Local\Meebo
2011-07-18 19:41 . 2011-07-18 19:41 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-18 19:40 . 2011-07-18 19:40 -------- d-----w- c:\program files\Bonjour
2011-07-18 19:40 . 2011-07-18 19:40 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-15 13:23 . 2011-07-15 13:23 -------- d-----w- c:\windows\system32\SPReview
2011-07-15 13:22 . 2011-07-15 13:22 -------- d-----w- c:\windows\system32\EventProviders
2011-07-15 13:20 . 2011-07-15 13:20 -------- d-----w- c:\windows\ufa
2011-07-15 13:20 . 2011-07-17 18:30 246272 ----a-w- c:\windows\unrar.exe
2011-07-15 13:17 . 2011-07-15 13:17 -------- d-----w- c:\windows\av_ico
2011-07-15 13:15 . 2011-07-30 20:32 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-15 13:15 . 2011-07-30 15:20 -------- d--h--w- c:\windows\update.tray-12-0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-15 13:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-04 14:15 . 2011-06-04 14:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-04 14:15 . 2011-06-04 14:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-04 14:15 . 2011-06-04 14:15 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-04 14:15 . 2011-06-04 14:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-04 14:15 . 2011-06-04 14:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-04 14:15 . 2011-06-04 14:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-04 14:15 . 2011-06-04 14:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-04 14:15 . 2011-06-04 14:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-04 14:15 . 2011-06-04 14:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-04 14:15 . 2011-06-04 14:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-04 14:15 . 2011-06-04 14:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-04 14:15 . 2011-06-04 14:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-04 14:15 . 2011-06-04 14:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-04 14:15 . 2011-06-04 14:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-04 14:15 . 2011-06-04 14:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-04 14:15 . 2011-06-04 14:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-04 14:15 . 2011-06-04 14:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-04 14:15 . 2011-06-04 14:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-04 14:15 . 2011-06-04 14:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-04 14:15 . 2011-06-04 14:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-04 14:15 . 2011-06-04 14:15 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-04 14:15 . 2011-06-04 14:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-04 14:15 . 2011-06-04 14:15 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-04 14:15 . 2011-06-04 14:15 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-04 14:15 . 2011-06-04 14:15 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-04 14:15 . 2011-06-04 14:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-04 14:15 . 2011-06-04 14:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-04 14:15 . 2011-06-04 14:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-04 14:15 . 2011-06-04 14:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-04 14:15 . 2011-06-04 14:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-04 14:15 . 2011-06-04 14:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-04 14:15 . 2011-06-04 14:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-04 14:15 . 2011-06-04 14:15 448512 ----a-w- c:\windows\system32\html.iec
2011-06-04 14:15 . 2011-06-04 14:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-04 14:15 . 2011-06-04 14:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-04 14:15 . 2011-06-04 14:15 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-04 14:15 . 2011-06-04 14:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-04 14:15 . 2011-06-04 14:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-03 05:57 . 2011-07-14 20:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2011-05-06 18:09 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 13:22 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 13:22 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 13:22 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 13:22 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 13:22 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-04 05:25 . 2011-06-29 13:22 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-06-29 13:22 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-06-29 13:22 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-06-29 13:22 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-06-29 13:22 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:22 . 2011-06-29 13:22 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:19 . 2011-06-29 13:22 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-06-29 13:22 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-06-29 13:22 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:34 . 2011-06-29 13:22 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:32 . 2011-06-29 13:22 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:32 . 2011-06-29 13:22 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:32 . 2011-06-29 13:22 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:32 . 2011-06-29 13:22 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 13:22 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 13:22 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 13:22 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 04:28 . 2011-06-29 13:22 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-03 05:29 . 2011-06-15 20:17 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 20:17 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\BS_Player\tbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Meebo Notifier"="c:\users\ADELA\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Who\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2011-2-1 60384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
S2 MBAMService;MBAMService;c:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 13:52]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 13:52]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000Core.job
- c:\users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 19:11]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000UA.job
- c:\users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 19:11]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001Core.job
- c:\users\Who\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 16:57]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001UA.job
- c:\users\Who\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 16:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-10 4041032]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-09-22 884584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy\ICQ 7.5\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 81.92.145.2 81.92.145.227 10.110.72.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG10\avgtray.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2958160234-2159953125-3628841175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2958160234-2159953125-3628841175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-07-30 23:43:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-30 21:43
.
Před spuštěním: Volných bajtů: 198 385 774 592
Po spuštění: Volných bajtů: 200 042 332 160
.
- - End Of File - - 2AFAFD94C06959BE01F4C8BE400C0FF7
Thank you.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB deleted AVG ... Please help.
We still need to finish the cleanup. Open Notepad and copy the following into it:

Collect::
c:\windows\unrar.exe
Folder::
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: FB deleted AVG ... Please help.
Have a nice afternoon.
I am attaching the log here.
ComboFix 11-07-31.02 - ADELA 31.07.2011 12:39:38.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3895.2344 [GMT 2:00]
Spuštěný z: c:\users\ADELA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\ADELA\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 10:45 . 2011-07-31 10:45 -------- d-----w- c:\users\Who\AppData\Local\temp
2011-07-31 10:45 . 2011-07-31 10:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-31 10:45 . 2011-07-31 10:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 19:10 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01ED99C0-55DA-427C-9ED3-ECA0687F67F1}\mpengine.dll
2011-07-28 19:23 . 2011-07-28 19:23 -------- d-----w- c:\users\ADELA\AppData\Roaming\Malwarebytes
2011-07-28 19:23 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-28 19:23 . 2011-07-28 19:23 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 19:23 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 17:10 . 2011-07-31 10:31 -------- d-----w- C:\rsit
2011-07-28 17:10 . 2011-07-30 20:55 -------- d-----w- c:\program files\trend micro
2011-07-20 20:51 . 2011-07-20 20:51 -------- d-----w- c:\users\ADELA\AppData\Roaming\Meebo
2011-07-20 20:51 . 2011-07-20 20:51 -------- d-----w- c:\users\ADELA\AppData\Local\Meebo
2011-07-18 19:41 . 2011-07-18 19:41 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-18 19:40 . 2011-07-18 19:40 -------- d-----w- c:\program files\Bonjour
2011-07-18 19:40 . 2011-07-18 19:40 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-15 13:23 . 2011-07-15 13:23 -------- d-----w- c:\windows\system32\SPReview
2011-07-15 13:22 . 2011-07-15 13:22 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-15 13:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-04 14:15 . 2011-06-04 14:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-04 14:15 . 2011-06-04 14:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-04 14:15 . 2011-06-04 14:15 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-04 14:15 . 2011-06-04 14:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-04 14:15 . 2011-06-04 14:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-04 14:15 . 2011-06-04 14:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-04 14:15 . 2011-06-04 14:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-04 14:15 . 2011-06-04 14:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-04 14:15 . 2011-06-04 14:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-04 14:15 . 2011-06-04 14:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-04 14:15 . 2011-06-04 14:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-04 14:15 . 2011-06-04 14:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-04 14:15 . 2011-06-04 14:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-04 14:15 . 2011-06-04 14:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-04 14:15 . 2011-06-04 14:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-04 14:15 . 2011-06-04 14:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-04 14:15 . 2011-06-04 14:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-04 14:15 . 2011-06-04 14:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-04 14:15 . 2011-06-04 14:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-04 14:15 . 2011-06-04 14:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-04 14:15 . 2011-06-04 14:15 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-04 14:15 . 2011-06-04 14:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-04 14:15 . 2011-06-04 14:15 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-04 14:15 . 2011-06-04 14:15 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-04 14:15 . 2011-06-04 14:15 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-04 14:15 . 2011-06-04 14:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-04 14:15 . 2011-06-04 14:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-04 14:15 . 2011-06-04 14:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-04 14:15 . 2011-06-04 14:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-04 14:15 . 2011-06-04 14:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-04 14:15 . 2011-06-04 14:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-04 14:15 . 2011-06-04 14:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-04 14:15 . 2011-06-04 14:15 448512 ----a-w- c:\windows\system32\html.iec
2011-06-04 14:15 . 2011-06-04 14:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-04 14:15 . 2011-06-04 14:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-04 14:15 . 2011-06-04 14:15 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-04 14:15 . 2011-06-04 14:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-04 14:15 . 2011-06-04 14:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-03 05:57 . 2011-07-14 20:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2011-05-06 18:09 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 13:22 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 13:22 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 13:22 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 13:22 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 13:22 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-04 05:25 . 2011-06-29 13:22 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-06-29 13:22 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-06-29 13:22 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-06-29 13:22 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-06-29 13:22 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:22 . 2011-06-29 13:22 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:19 . 2011-06-29 13:22 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-06-29 13:22 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-06-29 13:22 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:34 . 2011-06-29 13:22 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:32 . 2011-06-29 13:22 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:32 . 2011-06-29 13:22 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:32 . 2011-06-29 13:22 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:32 . 2011-06-29 13:22 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 13:22 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 13:22 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 13:22 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 04:28 . 2011-06-29 13:22 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-03 05:29 . 2011-06-15 20:17 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 20:17 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-30_21.19.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-30 21:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-31 10:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-30 21:18 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 10:45 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-30 21:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 10:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-22 07:27 . 2011-07-31 10:48 64438 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-31 10:48 38136 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-01 14:49 . 2011-07-31 10:48 21968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2958160234-2159953125-3628841175-1000_UserData.bin
+ 2010-09-04 21:29 . 2011-07-31 10:45 3306 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-07-30 21:18 . 2011-07-30 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-31 10:45 . 2011-07-31 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-30 21:18 . 2011-07-30 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-31 10:45 . 2011-07-31 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-07-30 21:18 307212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-31 10:45 307212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-21 15:11 . 2011-07-31 10:45 4473028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2958160234-2159953125-3628841175-1000-12288.dat
- 2011-01-21 15:11 . 2011-07-30 19:42 4473028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2958160234-2159953125-3628841175-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\BS_Player\tbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Meebo Notifier"="c:\users\ADELA\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Who\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2011-2-1 60384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
S2 MBAMService;MBAMService;c:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 13:52]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 13:52]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000Core.job
- c:\users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 19:11]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000UA.job
- c:\users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 19:11]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001Core.job
- c:\users\Who\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 16:57]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001UA.job
- c:\users\Who\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 16:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-10 4041032]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-09-22 884584]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy\ICQ 7.5\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 81.92.145.2 81.92.145.227 10.110.72.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2958160234-2159953125-3628841175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2958160234-2159953125-3628841175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-07-31 12:52:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-31 10:52
ComboFix2.txt 2011-07-31 10:28
ComboFix3.txt 2011-07-30 21:43
.
Před spuštěním: Volných bajtů: 200 095 281 152
Po spuštění: Volných bajtů: 200 067 588 096
.
- - End Of File - - DB34737B24FFA86A7FD6DC7D18F571A5
Thank you for taking a look...
Vladimír Brachtl
I am attaching the log here.
ComboFix 11-07-31.02 - ADELA 31.07.2011 12:39:38.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3895.2344 [GMT 2:00]
Spuštěný z: c:\users\ADELA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\ADELA\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 10:45 . 2011-07-31 10:45 -------- d-----w- c:\users\Who\AppData\Local\temp
2011-07-31 10:45 . 2011-07-31 10:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-31 10:45 . 2011-07-31 10:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 19:10 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01ED99C0-55DA-427C-9ED3-ECA0687F67F1}\mpengine.dll
2011-07-28 19:23 . 2011-07-28 19:23 -------- d-----w- c:\users\ADELA\AppData\Roaming\Malwarebytes
2011-07-28 19:23 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-28 19:23 . 2011-07-28 19:23 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 19:23 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 17:10 . 2011-07-31 10:31 -------- d-----w- C:\rsit
2011-07-28 17:10 . 2011-07-30 20:55 -------- d-----w- c:\program files\trend micro
2011-07-20 20:51 . 2011-07-20 20:51 -------- d-----w- c:\users\ADELA\AppData\Roaming\Meebo
2011-07-20 20:51 . 2011-07-20 20:51 -------- d-----w- c:\users\ADELA\AppData\Local\Meebo
2011-07-18 19:41 . 2011-07-18 19:41 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-18 19:40 . 2011-07-18 19:40 -------- d-----w- c:\program files\Bonjour
2011-07-18 19:40 . 2011-07-18 19:40 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-15 13:23 . 2011-07-15 13:23 -------- d-----w- c:\windows\system32\SPReview
2011-07-15 13:22 . 2011-07-15 13:22 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-15 13:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-04 14:15 . 2011-06-04 14:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-04 14:15 . 2011-06-04 14:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-04 14:15 . 2011-06-04 14:15 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-04 14:15 . 2011-06-04 14:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-04 14:15 . 2011-06-04 14:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-04 14:15 . 2011-06-04 14:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-04 14:15 . 2011-06-04 14:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-04 14:15 . 2011-06-04 14:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-04 14:15 . 2011-06-04 14:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-04 14:15 . 2011-06-04 14:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-04 14:15 . 2011-06-04 14:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-04 14:15 . 2011-06-04 14:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-04 14:15 . 2011-06-04 14:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-04 14:15 . 2011-06-04 14:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-04 14:15 . 2011-06-04 14:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-04 14:15 . 2011-06-04 14:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-04 14:15 . 2011-06-04 14:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-04 14:15 . 2011-06-04 14:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-04 14:15 . 2011-06-04 14:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-04 14:15 . 2011-06-04 14:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-04 14:15 . 2011-06-04 14:15 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-04 14:15 . 2011-06-04 14:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-04 14:15 . 2011-06-04 14:15 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-04 14:15 . 2011-06-04 14:15 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-04 14:15 . 2011-06-04 14:15 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-04 14:15 . 2011-06-04 14:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-04 14:15 . 2011-06-04 14:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-04 14:15 . 2011-06-04 14:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-04 14:15 . 2011-06-04 14:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-04 14:15 . 2011-06-04 14:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-04 14:15 . 2011-06-04 14:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-04 14:15 . 2011-06-04 14:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-04 14:15 . 2011-06-04 14:15 448512 ----a-w- c:\windows\system32\html.iec
2011-06-04 14:15 . 2011-06-04 14:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-04 14:15 . 2011-06-04 14:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-04 14:15 . 2011-06-04 14:15 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-04 14:15 . 2011-06-04 14:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-04 14:15 . 2011-06-04 14:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-03 05:57 . 2011-07-14 20:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2011-05-06 18:09 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 13:22 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 13:22 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 13:22 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 13:22 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 13:22 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-04 05:25 . 2011-06-29 13:22 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-06-29 13:22 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-06-29 13:22 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-06-29 13:22 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-06-29 13:22 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:22 . 2011-06-29 13:22 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:19 . 2011-06-29 13:22 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-06-29 13:22 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-06-29 13:22 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:34 . 2011-06-29 13:22 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:32 . 2011-06-29 13:22 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:32 . 2011-06-29 13:22 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:32 . 2011-06-29 13:22 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:32 . 2011-06-29 13:22 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 13:22 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 13:22 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 13:22 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 04:28 . 2011-06-29 13:22 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-03 05:29 . 2011-06-15 20:17 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 20:17 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-30_21.19.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-30 21:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-31 10:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-30 21:18 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 10:45 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-30 21:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 10:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-22 07:27 . 2011-07-31 10:48 64438 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-31 10:48 38136 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-01 14:49 . 2011-07-31 10:48 21968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2958160234-2159953125-3628841175-1000_UserData.bin
+ 2010-09-04 21:29 . 2011-07-31 10:45 3306 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-07-30 21:18 . 2011-07-30 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-31 10:45 . 2011-07-31 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-30 21:18 . 2011-07-30 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-31 10:45 . 2011-07-31 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-07-30 21:18 307212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-31 10:45 307212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-21 15:11 . 2011-07-31 10:45 4473028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2958160234-2159953125-3628841175-1000-12288.dat
- 2011-01-21 15:11 . 2011-07-30 19:42 4473028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2958160234-2159953125-3628841175-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\BS_Player\tbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Meebo Notifier"="c:\users\ADELA\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Who\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2011-2-1 60384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
S2 MBAMService;MBAMService;c:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 13:52]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 13:52]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000Core.job
- c:\users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 19:11]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1000UA.job
- c:\users\ADELA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 19:11]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001Core.job
- c:\users\Who\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 16:57]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958160234-2159953125-3628841175-1001UA.job
- c:\users\Who\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 16:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-10 4041032]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-09-22 884584]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy\ICQ 7.5\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 81.92.145.2 81.92.145.227 10.110.72.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2958160234-2159953125-3628841175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2958160234-2159953125-3628841175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\programy\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-07-31 12:52:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-31 10:52
ComboFix2.txt 2011-07-31 10:28
ComboFix3.txt 2011-07-30 21:43
.
Před spuštěním: Volných bajtů: 200 095 281 152
Po spuštění: Volných bajtů: 200 067 588 096
.
- - End Of File - - DB34737B24FFA86A7FD6DC7D18F571A5
Thank you for looking it over...
Vladimír Brachtl
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB deleted AVG ... Please help.
The log now looks clean. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.