Pravdepodobne Adware

Zpráva

tweety10 · #1 Příspěvek od **tweety10** » 29 črc 2011 07:28

Uz dlhsie sa mi hocikedy na notebooku pustila nejaka kratka zvucka, bez toho aby sa otvorilo ine okno. Minuly tyzden sa to zhorsilo a hocikedy sa otvori uz aj IE okno s reklamou, ked necham dlhsie pusteny PC a pridem, je otvorenych aj 5 okien. Vedeli by ste poradit?

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lukáš at 2011-07-29 08:24:34
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 107 GB (45%) free of 240 GB
Total RAM: 3509 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:24:54, on 29. 7. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Users\Lukáš\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
C:\windows\system32\taskhost.exe
C:\windows\Jwonoa.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\LUK~1\AppData\Local\Temp\Jvx.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\explorer.exe
C:\Users\Lukáš\Desktop\RSIT.exe
C:\Program Files\trend micro\Lukáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\PC Translator\WebIE.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ImTOO Download YouTube Toolbar\tbcore3.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PC Translator\WebIE.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: ImTOO Download YouTube Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ImTOO Download YouTube Toolbar\tbcore3.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\LUK~1\AppData\Local\Temp\Jvx.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [ICS5R7Y0OS] C:\windows\Jwonoa.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lukáš\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lukáš\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\PC Translator\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\PC Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PC Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PC Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PC Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PC Translator\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc. - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 10231 bytes

======Scheduled tasks folder======

C:\windows\tasks\GlaryInitialize.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-842632507-934055853-3208546759-1001Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-842632507-934055853-3208546759-1001UA.job
C:\windows\tasks\IPFZ.job
C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\zmbmoium.default

prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778, {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, m3ffxtbr@mywebsearch.com:1.1, {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12"

"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\1.bin

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040]
"Description"=6.0.12.1040
"Path"=C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.9]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\zmbmoium.default\extensions\
{75656794-AB59-4712-BFBC-5D816D56F3BC}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\PC Translator\WebIE.dll [2010-12-01 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll [2003-06-30 337920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\ImTOO Download YouTube Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PC Translator\WebIE.dll [2010-12-01 503808]
{07B18EA9-A523-4961-B6BB-170DE4475CCA}
{338B4DFE-2E2C-4338-9E41-E176D497299E} - ImTOO Download YouTube Toolbar - C:\Program Files\ImTOO Download YouTube Toolbar\tbcore3.dll [2010-02-16 2495488]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"R8388QA8U8"=C:\Users\LUK~1\AppData\Local\Temp\Jvx.exe [2011-05-07 158720]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-05-28 412560]
"ICS5R7Y0OS"=C:\windows\Jwonoa.exe [2011-05-07 152064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Lukáš\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTV]
C:\Program Files\iTV\iTV.exe []

C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Lukáš\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"vidc.avrn"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"=C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"=C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"=C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"=C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"=C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"=C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"=C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"=C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"=C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"=C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"=C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"=C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"=C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"=C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"=C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"=C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"=C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"vidc.divx"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.divxa32"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"vidc.ir21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-29 08:24:34 ----D---- C:\rsit
2011-07-29 08:24:34 ----D---- C:\Program Files\trend micro
2011-07-13 21:15:22 ----D---- C:\windows\LastGood
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 07:32:11 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 07:32:11 ----A---- C:\windows\system32\KernelBase.dll
2011-07-13 07:32:10 ----A---- C:\windows\system32\kernel32.dll
2011-07-13 07:32:09 ----A---- C:\windows\system32\winsrv.dll
2011-07-13 07:32:09 ----A---- C:\windows\system32\conhost.exe
2011-07-13 07:32:07 ----A---- C:\windows\system32\win32k.sys
2011-07-10 16:52:24 ----D---- C:\Program Files\Apple Software Update
2011-07-10 16:51:29 ----D---- C:\Program Files\iPod
2011-07-10 16:51:28 ----D---- C:\Program Files\iTunes
2011-07-10 16:49:37 ----D---- C:\Program Files\Bonjour
2011-07-05 17:37:50 ----D---- C:\Users\Lukáš\AppData\Roaming\Real
2011-07-05 08:29:23 ----D---- C:\Program Files\Mozilla Firefox
2011-07-03 18:22:39 ----A---- C:\windows\system32\SmartDefragBootTime.exe
2011-07-03 18:22:39 ----A---- C:\windows\system32\drivers\SmartDefragDriver.sys
2011-07-03 18:22:34 ----D---- C:\ProgramData\IObit
2011-07-03 10:16:26 ----D---- C:\Users\Lukáš\AppData\Roaming\vlc
2011-07-03 10:02:47 ----D---- C:\Program Files\AutoMapa EU
2011-07-03 09:55:56 ----A---- C:\AutoMapaSetupLog.txt

======List of files/folders modified in the last 1 month======

2011-07-29 08:24:45 ----D---- C:\windows\Prefetch
2011-07-29 08:24:34 ----RD---- C:\Program Files
2011-07-29 08:14:50 ----D---- C:\windows\system32\config
2011-07-29 08:13:21 ----SHD---- C:\System Volume Information
2011-07-29 08:11:39 ----D---- C:\windows\system32\Tasks
2011-07-29 08:11:38 ----D---- C:\windows\Tasks
2011-07-29 07:39:35 ----D---- C:\windows\Temp
2011-07-28 20:16:13 ----D---- C:\Users\Lukáš\AppData\Roaming\Dropbox
2011-07-27 16:32:53 ----D---- C:\windows\system32\NDF
2011-07-21 23:43:29 ----D---- C:\Users\Lukáš\AppData\Roaming\Skype
2011-07-18 20:35:13 ----AD---- C:\ProgramData\Temp
2011-07-18 06:54:22 ----SHD---- C:\windows\Installer
2011-07-13 21:15:22 ----D---- C:\windows\system32\drivers
2011-07-13 21:15:22 ----D---- C:\Windows
2011-07-13 21:08:32 ----D---- C:\windows\winsxs
2011-07-13 21:06:23 ----D---- C:\windows\System32
2011-07-13 21:06:22 ----D---- C:\windows\system32\DriverStore
2011-07-13 21:05:32 ----D---- C:\windows\debug
2011-07-13 21:05:31 ----A---- C:\windows\system32\MRT.exe
2011-07-13 21:05:24 ----D---- C:\ProgramData\Microsoft Help
2011-07-13 20:59:34 ----D---- C:\windows\system32\catroot
2011-07-13 20:58:05 ----D---- C:\windows\inf
2011-07-13 20:58:05 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-07-13 07:32:04 ----D---- C:\windows\system32\catroot2
2011-07-11 22:23:30 ----D---- C:\windows\system32\wdi
2011-07-10 16:51:28 ----D---- C:\Program Files\Common Files\Apple
2011-07-10 14:22:28 ----D---- C:\Program Files\Google
2011-07-05 08:57:21 ----D---- C:\Program Files\Opera
2011-07-03 19:30:00 ----D---- C:\Users\Lukáš\AppData\Roaming\Winamp
2011-07-03 18:22:39 ----D---- C:\Users\Lukáš\AppData\Roaming\IObit
2011-07-03 18:22:38 ----D---- C:\Program Files\IObit
2011-07-03 18:22:34 ----HD---- C:\ProgramData
2011-07-03 18:00:36 ----RD---- C:\Program Files\Skype
2011-07-03 18:00:12 ----D---- C:\Program Files\iTV
2011-07-03 17:59:55 ----D---- C:\Users\Lukáš\AppData\Roaming\Octoshape
2011-07-03 17:58:27 ----D---- C:\Program Files\Samsung Casual Games
2011-07-03 17:55:45 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-03 17:55:45 ----D---- C:\Program Files\AnyPC Client
2011-07-03 17:55:14 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-04-27 435736]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SmartDefragDriver;SmartDefragDriver; C:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/28 18:28:19]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [2009-08-28 87536]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2010-11-23 1249792]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2010-08-20 27632]
R3 CryptOSD;Phoenix CryptOSD Device Driver; C:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 132352]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-12-15 2977248]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2010-11-27 10368]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-10-10 229424]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2007-07-11 101376]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
S3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344]
R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer; C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe [2009-11-07 239336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 ProtexisLicensing;ProtexisLicensing; C:\windows\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-07-07 247152]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 820520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-17 135664]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-17 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-17 182768]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-17 1343400]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 29 črc 2011 07:34

Zdravim a pekny den preji

Vzdyt tam mate celou zoo s i babkou pokladni

Odinstalujte Advanced SystemCare 4 a nasledne i vse od IOBit - jsou to jen cinske smejdy, databazi haveti ukradli jine spolecnosti, spise jen skodi nez pomahaji

Proc nepouzivate antivir, pak se neni cemu divit

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

tweety10 · #3 Příspěvek od **tweety10** » 29 črc 2011 07:42

Nebol nutny restart

2011/07/29 08:40:53.0008 3664 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/29 08:40:53.0146 3664 ================================================================================
2011/07/29 08:40:53.0146 3664 SystemInfo:
2011/07/29 08:40:53.0146 3664
2011/07/29 08:40:53.0147 3664 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/29 08:40:53.0147 3664 Product type: Workstation
2011/07/29 08:40:53.0147 3664 ComputerName: LUKAS
2011/07/29 08:40:53.0147 3664 UserName: Lukáš
2011/07/29 08:40:53.0147 3664 Windows directory: C:\windows
2011/07/29 08:40:53.0147 3664 System windows directory: C:\windows
2011/07/29 08:40:53.0147 3664 Processor architecture: Intel x86
2011/07/29 08:40:53.0148 3664 Number of processors: 4
2011/07/29 08:40:53.0148 3664 Page size: 0x1000
2011/07/29 08:40:53.0148 3664 Boot type: Normal boot
2011/07/29 08:40:53.0148 3664 ================================================================================
2011/07/29 08:40:53.0567 3664 Initialize success
2011/07/29 08:41:02.0086 8860 ================================================================================
2011/07/29 08:41:02.0086 8860 Scan started
2011/07/29 08:41:02.0086 8860 Mode: Manual;
2011/07/29 08:41:02.0086 8860 ================================================================================
2011/07/29 08:41:02.0735 8860 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
2011/07/29 08:41:02.0826 8860 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
2011/07/29 08:41:02.0879 8860 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
2011/07/29 08:41:02.0940 8860 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/07/29 08:41:02.0979 8860 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/07/29 08:41:03.0015 8860 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/07/29 08:41:03.0094 8860 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
2011/07/29 08:41:03.0150 8860 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
2011/07/29 08:41:03.0215 8860 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/07/29 08:41:03.0261 8860 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
2011/07/29 08:41:03.0299 8860 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
2011/07/29 08:41:03.0347 8860 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
2011/07/29 08:41:03.0390 8860 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/07/29 08:41:03.0418 8860 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/07/29 08:41:03.0476 8860 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
2011/07/29 08:41:03.0536 8860 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/07/29 08:41:03.0598 8860 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
2011/07/29 08:41:03.0660 8860 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
2011/07/29 08:41:03.0769 8860 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/07/29 08:41:03.0797 8860 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/07/29 08:41:03.0886 8860 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/07/29 08:41:03.0946 8860 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
2011/07/29 08:41:04.0022 8860 athr (ee32c0a39b6d3d0834c4d46d8c45e1d0) C:\windows\system32\DRIVERS\athr.sys
2011/07/29 08:41:04.0120 8860 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/07/29 08:41:04.0169 8860 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/07/29 08:41:04.0206 8860 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/07/29 08:41:04.0245 8860 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/07/29 08:41:04.0331 8860 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
2011/07/29 08:41:04.0355 8860 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/07/29 08:41:04.0399 8860 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/07/29 08:41:04.0441 8860 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/07/29 08:41:04.0473 8860 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/07/29 08:41:04.0520 8860 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/07/29 08:41:04.0544 8860 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/07/29 08:41:04.0568 8860 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/07/29 08:41:04.0627 8860 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/07/29 08:41:04.0704 8860 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
2011/07/29 08:41:04.0763 8860 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/07/29 08:41:04.0799 8860 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/07/29 08:41:04.0876 8860 clwvd (125c828bf3673406dfd642d7bee8434f) C:\windows\system32\DRIVERS\clwvd.sys
2011/07/29 08:41:04.0930 8860 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/07/29 08:41:04.0975 8860 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
2011/07/29 08:41:05.0028 8860 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/07/29 08:41:05.0074 8860 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/07/29 08:41:05.0140 8860 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
2011/07/29 08:41:05.0177 8860 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/07/29 08:41:05.0243 8860 CryptOSD (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys
2011/07/29 08:41:05.0334 8860 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
2011/07/29 08:41:05.0359 8860 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/07/29 08:41:05.0419 8860 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/07/29 08:41:05.0469 8860 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/07/29 08:41:05.0508 8860 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
2011/07/29 08:41:05.0596 8860 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/07/29 08:41:05.0762 8860 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/07/29 08:41:05.0814 8860 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
2011/07/29 08:41:05.0850 8860 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/07/29 08:41:05.0870 8860 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/07/29 08:41:05.0917 8860 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/07/29 08:41:05.0958 8860 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/07/29 08:41:05.0976 8860 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/07/29 08:41:06.0011 8860 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/07/29 08:41:06.0040 8860 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/07/29 08:41:06.0075 8860 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/07/29 08:41:06.0125 8860 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
2011/07/29 08:41:06.0169 8860 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/07/29 08:41:06.0226 8860 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
2011/07/29 08:41:06.0261 8860 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/07/29 08:41:06.0333 8860 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/29 08:41:06.0469 8860 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/07/29 08:41:06.0557 8860 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
2011/07/29 08:41:06.0641 8860 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
2011/07/29 08:41:06.0672 8860 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/07/29 08:41:06.0694 8860 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/07/29 08:41:06.0734 8860 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/07/29 08:41:06.0785 8860 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
2011/07/29 08:41:06.0834 8860 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
2011/07/29 08:41:06.0891 8860 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
2011/07/29 08:41:06.0951 8860 hwdatacard (84fd5702d136098e91b2770ba058deda) C:\windows\system32\DRIVERS\ewusbmdm.sys
2011/07/29 08:41:06.0997 8860 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
2011/07/29 08:41:07.0087 8860 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
2011/07/29 08:41:07.0143 8860 iaStor (eb3a2c773e202ced30595bbfad24febf) C:\windows\system32\DRIVERS\iaStor.sys
2011/07/29 08:41:07.0193 8860 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
2011/07/29 08:41:07.0434 8860 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/07/29 08:41:07.0722 8860 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/07/29 08:41:07.0790 8860 Impcd (1e8154841a0a24d6b38778f07831a82b) C:\windows\system32\DRIVERS\Impcd.sys
2011/07/29 08:41:07.0891 8860 IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys
2011/07/29 08:41:08.0050 8860 IntcDAud (2d79c681ce6d53a0c6c725a84594df4c) C:\windows\system32\DRIVERS\IntcDAud.sys
2011/07/29 08:41:08.0125 8860 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
2011/07/29 08:41:08.0195 8860 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/07/29 08:41:08.0250 8860 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/07/29 08:41:08.0314 8860 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
2011/07/29 08:41:08.0345 8860 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/07/29 08:41:08.0392 8860 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/07/29 08:41:08.0443 8860 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
2011/07/29 08:41:08.0474 8860 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
2011/07/29 08:41:08.0528 8860 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
2011/07/29 08:41:08.0587 8860 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
2011/07/29 08:41:08.0633 8860 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
2011/07/29 08:41:08.0691 8860 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
2011/07/29 08:41:08.0753 8860 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/07/29 08:41:08.0815 8860 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/07/29 08:41:08.0834 8860 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/07/29 08:41:08.0859 8860 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/07/29 08:41:08.0890 8860 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/07/29 08:41:08.0915 8860 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/07/29 08:41:08.0983 8860 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/07/29 08:41:09.0014 8860 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/07/29 08:41:09.0046 8860 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/07/29 08:41:09.0070 8860 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/07/29 08:41:09.0139 8860 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
2011/07/29 08:41:09.0180 8860 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/07/29 08:41:09.0229 8860 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
2011/07/29 08:41:09.0284 8860 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\windows\system32\DRIVERS\MpFilter.sys
2011/07/29 08:41:09.0332 8860 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
2011/07/29 08:41:09.0382 8860 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/07/29 08:41:09.0422 8860 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/07/29 08:41:09.0485 8860 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
2011/07/29 08:41:09.0535 8860 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/07/29 08:41:09.0586 8860 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/07/29 08:41:09.0608 8860 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/07/29 08:41:09.0654 8860 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
2011/07/29 08:41:09.0697 8860 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
2011/07/29 08:41:09.0744 8860 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/07/29 08:41:09.0764 8860 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/07/29 08:41:09.0814 8860 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
2011/07/29 08:41:09.0862 8860 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/07/29 08:41:09.0924 8860 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/07/29 08:41:09.0947 8860 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/07/29 08:41:09.0970 8860 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/07/29 08:41:09.0998 8860 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
2011/07/29 08:41:10.0017 8860 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/07/29 08:41:10.0053 8860 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/07/29 08:41:10.0074 8860 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/07/29 08:41:10.0141 8860 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/07/29 08:41:10.0205 8860 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
2011/07/29 08:41:10.0254 8860 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/07/29 08:41:10.0309 8860 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/07/29 08:41:10.0360 8860 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
2011/07/29 08:41:10.0418 8860 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
2011/07/29 08:41:10.0480 8860 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
2011/07/29 08:41:10.0556 8860 Netaapl (1352e1648213551923a0a822e441553c) C:\windows\system32\DRIVERS\netaapl.sys
2011/07/29 08:41:10.0611 8860 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/07/29 08:41:10.0662 8860 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
2011/07/29 08:41:10.0729 8860 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/07/29 08:41:10.0792 8860 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\windows\system32\DRIVERS\NisDrvWFP.sys
2011/07/29 08:41:10.0847 8860 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/07/29 08:41:10.0872 8860 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/07/29 08:41:10.0944 8860 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
2011/07/29 08:41:10.0973 8860 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/07/29 08:41:11.0025 8860 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
2011/07/29 08:41:11.0059 8860 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
2011/07/29 08:41:11.0093 8860 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
2011/07/29 08:41:11.0159 8860 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
2011/07/29 08:41:11.0219 8860 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/07/29 08:41:11.0260 8860 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
2011/07/29 08:41:11.0289 8860 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/07/29 08:41:11.0346 8860 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
2011/07/29 08:41:11.0370 8860 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
2011/07/29 08:41:11.0399 8860 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/07/29 08:41:11.0432 8860 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/07/29 08:41:11.0466 8860 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/07/29 08:41:11.0572 8860 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\windows\system32\drivers\pfc.sys
2011/07/29 08:41:11.0656 8860 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/07/29 08:41:11.0680 8860 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/07/29 08:41:11.0730 8860 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/07/29 08:41:11.0800 8860 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/07/29 08:41:11.0860 8860 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/07/29 08:41:11.0896 8860 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/07/29 08:41:11.0927 8860 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/07/29 08:41:11.0984 8860 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/07/29 08:41:12.0016 8860 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/07/29 08:41:12.0038 8860 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/07/29 08:41:12.0052 8860 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/07/29 08:41:12.0109 8860 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
2011/07/29 08:41:12.0155 8860 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/07/29 08:41:12.0213 8860 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/07/29 08:41:12.0268 8860 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/07/29 08:41:12.0286 8860 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/07/29 08:41:12.0341 8860 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
2011/07/29 08:41:12.0405 8860 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
2011/07/29 08:41:12.0483 8860 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/07/29 08:41:12.0519 8860 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/07/29 08:41:12.0578 8860 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
2011/07/29 08:41:12.0642 8860 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
2011/07/29 08:41:12.0700 8860 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
2011/07/29 08:41:12.0758 8860 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/07/29 08:41:12.0813 8860 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/07/29 08:41:12.0859 8860 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/07/29 08:41:12.0908 8860 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/07/29 08:41:12.0973 8860 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
2011/07/29 08:41:12.0997 8860 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
2011/07/29 08:41:13.0029 8860 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
2011/07/29 08:41:13.0072 8860 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/07/29 08:41:13.0123 8860 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
2011/07/29 08:41:13.0160 8860 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/07/29 08:41:13.0186 8860 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/07/29 08:41:13.0236 8860 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/07/29 08:41:13.0284 8860 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/07/29 08:41:13.0352 8860 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
2011/07/29 08:41:13.0409 8860 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
2011/07/29 08:41:13.0436 8860 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
2011/07/29 08:41:13.0484 8860 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/07/29 08:41:13.0548 8860 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
2011/07/29 08:41:13.0610 8860 SynTP (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys
2011/07/29 08:41:13.0708 8860 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\windows\system32\drivers\tcpip.sys
2011/07/29 08:41:13.0774 8860 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\windows\system32\DRIVERS\tcpip.sys
2011/07/29 08:41:13.0832 8860 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
2011/07/29 08:41:13.0890 8860 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
2011/07/29 08:41:13.0923 8860 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
2011/07/29 08:41:13.0963 8860 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
2011/07/29 08:41:14.0009 8860 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
2011/07/29 08:41:14.0072 8860 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/07/29 08:41:14.0135 8860 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
2011/07/29 08:41:14.0322 8860 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
2011/07/29 08:41:14.0418 8860 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
2011/07/29 08:41:14.0463 8860 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/07/29 08:41:14.0520 8860 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
2011/07/29 08:41:14.0576 8860 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
2011/07/29 08:41:14.0642 8860 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
2011/07/29 08:41:14.0690 8860 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/07/29 08:41:14.0784 8860 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
2011/07/29 08:41:14.0802 8860 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
2011/07/29 08:41:14.0853 8860 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
2011/07/29 08:41:14.0885 8860 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
2011/07/29 08:41:14.0919 8860 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
2011/07/29 08:41:14.0972 8860 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
2011/07/29 08:41:15.0019 8860 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/07/29 08:41:15.0055 8860 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/07/29 08:41:15.0098 8860 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
2011/07/29 08:41:15.0130 8860 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
2011/07/29 08:41:15.0209 8860 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
2011/07/29 08:41:15.0313 8860 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
2011/07/29 08:41:15.0369 8860 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/07/29 08:41:15.0404 8860 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/07/29 08:41:15.0433 8860 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
2011/07/29 08:41:15.0480 8860 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
2011/07/29 08:41:15.0513 8860 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/07/29 08:41:15.0542 8860 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
2011/07/29 08:41:15.0596 8860 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
2011/07/29 08:41:15.0634 8860 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/07/29 08:41:15.0688 8860 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
2011/07/29 08:41:15.0746 8860 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/29 08:41:15.0776 8860 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/07/29 08:41:15.0803 8860 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/07/29 08:41:15.0836 8860 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/07/29 08:41:15.0902 8860 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/29 08:41:15.0922 8860 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/29 08:41:15.0978 8860 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/07/29 08:41:16.0010 8860 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/07/29 08:41:16.0081 8860 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/07/29 08:41:16.0107 8860 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/07/29 08:41:16.0239 8860 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
2011/07/29 08:41:16.0306 8860 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
2011/07/29 08:41:16.0368 8860 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/07/29 08:41:16.0434 8860 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
2011/07/29 08:41:16.0478 8860 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/07/29 08:41:16.0540 8860 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
2011/07/29 08:41:16.0677 8860 {B154377D-700F-42cc-9474-23858FBDF4BD} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD9\000.fcl
2011/07/29 08:41:16.0704 8860 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
2011/07/29 08:41:16.0992 8860 Boot (0x1200) (621e7f91b65adb80d338b5ba64fec279) \Device\Harddisk0\DR0\Partition0
2011/07/29 08:41:17.0026 8860 Boot (0x1200) (27062aa4a6a87994a32fc512b050170f) \Device\Harddisk0\DR0\Partition1
2011/07/29 08:41:17.0055 8860 Boot (0x1200) (952ec5a1a4677351707df1c01f7e3e45) \Device\Harddisk0\DR0\Partition2
2011/07/29 08:41:17.0060 8860 ================================================================================
2011/07/29 08:41:17.0060 8860 Scan finished
2011/07/29 08:41:17.0060 8860 ================================================================================
2011/07/29 08:41:17.0070 10020 Detected object count: 0
2011/07/29 08:41:17.0070 10020 Actual detected object count: 0

#4 Příspěvek od **vyosek** » 29 črc 2011 07:55

Odinstalaci veci od IOBit jste doufam provedl

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte

tweety10 · #5 Příspěvek od **tweety10** » 29 črc 2011 07:59

Samozrejme, vsetko odinstalovane

postupujem podla krokov

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Lukáš [Admin rights]
Mode: Remove -- Date : 07/29/2011 08:58:21

Bad processes: 4
[SUSP PATH] MSVCP71.dll -- C:\Users\Lukáš\AppData\Roaming\Dropbox\bin\MSVCP71.dll -> UNLOADED
[SUSP PATH] Jwonoa.exe -- c:\windows\jwonoa.exe -> KILLED
[SUSP PATH] Jvx.exe -- c:\users\luk~1\appdata\local\temp\jvx.exe -> KILLED
[SUSP PATH] MSVCP71.dll -- C:\Users\Lukáš\AppData\Roaming\Dropbox\bin\MSVCP71.dll -> UNLOADED

Registry Entries: 8
[SUSP PATH] HKCU\[...]\Run : R8388QA8U8 (C:\Users\LUK~1\AppData\Local\Temp\Jvx.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : ICS5R7Y0OS (C:\windows\Jwonoa.exe) -> DELETED
[SUSP PATH] {810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job : c:\windows\jwonoa.exe -> DELETED
[SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : c:\users\luk~1\appdata\local\temp\jvx.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:

Finished : << RKreport[1].txt >>
RKreport[1].txt

#6 Příspěvek od **vyosek** » 29 črc 2011 09:02

A procpak nepouzivate antivir

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

tweety10 · #7 Příspěvek od **tweety10** » 29 črc 2011 09:33

Aby som to uviedol na spravnu mieru, snazim sa dat dohromady kamaratov notebook, ale hned, ako dosriesim tieto problemy, hodim mu aj antivir

ComboFix 11-07-29.01 - Lukáš . 07. 2011 10:14:25.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3509.2389 [GMT 2:00]
Running from: c:\users\LukßÜ\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\pswi_preloaded.exe
c:\windows\iun6002.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-29 08:24 . 2011-07-29 08:24 0 ---ha-w- c:\users\Lukáš\AppData\Local\BIT1AB1.tmp
2011-07-29 08:20 . 2011-07-29 08:24 -------- d-----w- c:\users\Lukáš\AppData\Local\temp
2011-07-29 08:20 . 2011-07-29 08:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-29 08:20 . 2011-07-29 08:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-07-29 08:20 . 2011-07-29 08:20 -------- d-----w- c:\users\Administrator.Lukas\AppData\Local\temp
2011-07-29 08:11 . 2011-07-29 08:12 -------- d-----w- C:\32788R22FWJFW
2011-07-29 06:24 . 2011-07-29 06:24 -------- d-----w- C:\rsit
2011-07-29 06:24 . 2011-07-29 06:24 -------- d-----w- c:\program files\trend micro
2011-07-13 19:15 . 2011-07-13 19:15 -------- d-----w- c:\windows\LastGood.Tmp
2011-07-10 14:52 . 2011-07-10 14:52 -------- d-----w- c:\program files\Apple Software Update
2011-07-10 14:51 . 2011-07-10 14:51 -------- d-----w- c:\program files\iPod
2011-07-10 14:51 . 2011-07-10 14:51 -------- d-----w- c:\program files\iTunes
2011-07-10 14:49 . 2011-07-10 14:49 -------- d-----w- c:\program files\Bonjour
2011-07-05 15:37 . 2011-07-05 15:37 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Real
2011-07-05 06:58 . 2011-07-05 06:58 -------- d-----w- c:\users\Lukáš\AppData\Local\{2EE52D85-2DF2-41B0-A4D0-C3B17D213461}
2011-07-03 16:22 . 2011-07-13 19:01 -------- d-----w- c:\programdata\IObit
2011-07-03 08:16 . 2011-07-08 18:03 -------- d-----w- c:\users\Lukáš\AppData\Roaming\vlc
2011-07-03 08:02 . 2011-07-03 08:25 -------- d-----w- c:\program files\AutoMapa EU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 13:13 . 2010-12-21 06:46 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-06-07 05:54 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-24 10:44 . 2011-06-29 05:25 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-10 06:06 . 2011-05-10 06:06 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 06:06 . 2011-05-10 06:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-07 08:53 . 2011-05-07 08:53 152064 ----a-w- c:\windows\Jwonoa.exe
2011-05-04 04:34 . 2011-06-29 05:25 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:32 . 2011-06-29 05:25 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:32 . 2011-06-29 05:25 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:32 . 2011-06-29 05:25 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:32 . 2011-06-29 05:25 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 05:25 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 05:25 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:28 . 2011-06-29 05:25 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 05:25 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-03 21:10 . 2011-05-03 21:10 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-03 21:10 . 2011-05-03 21:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-03 21:10 . 2011-05-03 21:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-03 21:10 . 2011-05-03 21:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-03 21:10 . 2011-05-03 21:10 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-03 21:10 . 2011-05-03 21:10 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-03 21:10 . 2011-05-03 21:10 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-03 21:10 . 2011-05-03 21:10 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-03 21:10 . 2011-05-03 21:10 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-03 21:10 . 2011-05-03 21:10 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-03 21:10 . 2011-05-03 21:10 367104 ----a-w- c:\windows\system32\html.iec
2011-05-03 21:10 . 2011-05-03 21:10 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-03 21:10 . 2011-05-03 21:10 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-03 21:10 . 2011-05-03 21:10 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-03 21:10 . 2011-05-03 21:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-03 21:10 . 2011-05-03 21:10 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-03 21:10 . 2011-05-03 21:10 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-03 21:10 . 2011-05-03 21:10 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-03 21:10 . 2011-05-03 21:10 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-03 04:30 . 2011-06-16 11:58 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 04:53 . 2011-07-05 06:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
c:\users\Luk ç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Luk ç\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-11 18:27 136176 ----atw- c:\users\Lukáš\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Lukáš\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
"R8388QA8U8"=c:\users\LUK~1\AppData\Local\Temp\Jvx.exe
"Jing"=c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCamTray.exe" /s
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe"
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" -START
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-17 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/28 18:28];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-08-28 11:57 87536]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [2009-11-07 239336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-20 27632]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 132352]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-28 09:47]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 10:30]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 10:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with ImTOO Download YouTube Video - c:\program files\ImTOO\Download YouTube Video\upod_link.HTM
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Lukáš\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Lukáš\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\pc translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\pc translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\pc translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\pc translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\pc translator\WebIE.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\zmbmoium.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-iTV - c:\program files\iTV\iTV.exe
AddRemove-Convert PDF To Image_is1 - c:\program files\Softinterface
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2696)
c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-07-29 10:31:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-29 08:31
.
Pre-Run: 111 792 074 752 bytes free
Post-Run: 111 595 008 000 bytes free
.
- - End Of File - - 67CBA362D6EF9819BD622957C1C82399

#8 Příspěvek od **vyosek** » 29 črc 2011 09:40

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\program files\TechSmith\Jing\Jing.exe
c:\windows\Jwonoa.exe
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

tweety10 · #9 Příspěvek od **tweety10** » 29 črc 2011 09:47

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: Jing.exe
Submission date: 2011-07-29 08:31:20 (UTC)
Current status: finished
Result: 1/ 43 (2.3%)
VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.07.29.00 2011.07.29 -
AntiVir 7.11.12.162 2011.07.29 -
Antiy-AVL 2.0.3.7 2011.07.29 -
Avast 4.8.1351.0 2011.07.28 -
Avast5 5.0.677.0 2011.07.28 -
AVG 10.0.0.1190 2011.07.29 Suspicion: unknown virus
BitDefender 7.2 2011.07.29 -
CAT-QuickHeal 11.00 2011.07.29 -
ClamAV 0.97.0.0 2011.07.29 -
Commtouch 5.3.2.6 2011.07.29 -
Comodo 9551 2011.07.29 -
DrWeb 5.0.2.03300 2011.07.29 -
Emsisoft 5.1.0.8 2011.07.29 -
eSafe 7.0.17.0 2011.07.27 -
eTrust-Vet 36.1.8470 2011.07.28 -
F-Prot 4.6.2.117 2011.07.29 -
F-Secure 9.0.16440.0 2011.07.29 -
Fortinet 4.2.257.0 2011.07.29 -
GData 22 2011.07.29 -
Ikarus T3.1.1.104.0 2011.07.29 -
Jiangmin 13.0.900 2011.07.28 -
K7AntiVirus 9.109.4957 2011.07.28 -
Kaspersky 9.0.0.837 2011.07.29 -
McAfee 5.400.0.1158 2011.07.29 -
McAfee-GW-Edition 2010.1D 2011.07.29 -
Microsoft 1.7104 2011.07.29 -
NOD32 6333 2011.07.29 -
Norman 6.07.10 2011.07.29 -
nProtect 2011-07-29.02 2011.07.29 -
Panda 10.0.3.5 2011.07.28 -
PCTools 8.0.0.5 2011.07.29 -
Prevx 3.0 2011.07.29 -
Rising 23.68.04.03 2011.07.29 -
Sophos 4.67.0 2011.07.29 -
SUPERAntiSpyware 4.40.0.1006 2011.07.29 -
Symantec 20111.1.0.186 2011.07.29 -
TheHacker 6.7.0.1.264 2011.07.28 -
TrendMicro 9.200.0.1012 2011.07.29 -
TrendMicro-HouseCall 9.200.0.1012 2011.07.29 -
VBA32 3.12.16.4 2011.07.28 -
VIPRE 9998 2011.07.29 -
ViRobot 2011.7.29.4594 2011.07.29 -
VirusBuster 14.0.144.0 2011.07.28 -

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: Jwonoa.exe
Submission date: 2011-07-29 08:42:39 (UTC)
Current status: finished
Result: 28/ 43 (65.1%)
VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.07.29.00 2011.07.29 -
AntiVir 7.11.12.162 2011.07.29 -
Antiy-AVL 2.0.3.7 2011.07.29 Trojan/Win32.CodecPack.gen
Avast 4.8.1351.0 2011.07.28 -
Avast5 5.0.677.0 2011.07.28 Win32:Downloader-GZA [Trj]
AVG 10.0.0.1190 2011.07.29 FakeAV.OJT
BitDefender 7.2 2011.07.29 Gen:Variant.Kazy.22404
CAT-QuickHeal 11.00 2011.07.29 Trojan.Renos.OE
ClamAV 0.97.0.0 2011.07.29 -
Commtouch 5.3.2.6 2011.07.29 W32/Alureon.H!Generic
Comodo 9551 2011.07.29 TrojWare.Win32.Kryptik.BBTC
DrWeb 5.0.2.03300 2011.07.29 -
Emsisoft 5.1.0.8 2011.07.29 Trojan.Fakeav!IK
eSafe 7.0.17.0 2011.07.27 -
eTrust-Vet 36.1.8470 2011.07.28 Win32/FakeAV.AL!generic
F-Prot 4.6.2.117 2011.07.29 W32/Alureon.H!Generic
F-Secure 9.0.16440.0 2011.07.29 Gen:Variant.Kazy.22404
Fortinet 4.2.257.0 2011.07.29 W32/Delf.AR!tr
GData 22 2011.07.29 Gen:Variant.Kazy.22404
Ikarus T3.1.1.104.0 2011.07.29 Trojan.Fakeav
Jiangmin 13.0.900 2011.07.28 TrojanDownloader.CodecPack.bzt
K7AntiVirus 9.109.4957 2011.07.28 Virus
Kaspersky 9.0.0.837 2011.07.29 -
McAfee 5.400.0.1158 2011.07.29 Downloader-CEW.ba
McAfee-GW-Edition 2010.1D 2011.07.29 Downloader-CEW.ba
Microsoft 1.7104 2011.07.29 -
NOD32 6333 2011.07.29 -
Norman 6.07.10 2011.07.29 W32/Kryptik.NP
nProtect 2011-07-29.02 2011.07.29 Gen:Variant.Kazy.22404
Panda 10.0.3.5 2011.07.28 -
PCTools 8.0.0.5 2011.07.29 Trojan.FakeAV!rem
Prevx 3.0 2011.07.29 -
Rising 23.68.04.03 2011.07.29 -
Sophos 4.67.0 2011.07.29 Sus/UnkPack-C
SUPERAntiSpyware 4.40.0.1006 2011.07.29 Trojan.Agent/Gen-FakeSecurity
Symantec 20111.1.0.186 2011.07.29 Trojan.FakeAV
TheHacker 6.7.0.1.264 2011.07.28 Trojan/Kryptik.nls
TrendMicro 9.200.0.1012 2011.07.29 TROJ_FAKEAV.SM91
TrendMicro-HouseCall 9.200.0.1012 2011.07.29 TROJ_FAKEAV.SM91
VBA32 3.12.16.4 2011.07.28 -
VIPRE 9998 2011.07.29 virtool.win32.obfuscator.da!e (v)
ViRobot 2011.7.29.4594 2011.07.29 -
VirusBuster 14.0.144.0 2011.07.28 -

#10 Příspěvek od **vyosek** » 29 črc 2011 11:01

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Collect::
c:\users\LUK~1\AppData\Local\Temp\Jvx.exe
c:\windows\Jwonoa.exe

Folder::
c:\programdata\IObit
c:\progra~1\MYWEBS~1\

File::
c:\users\Lukáš\AppData\Local\BIT1AB1.tmp
c:\program files\DVDVideoSoftTB\tbDVDV.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"=-
"AdobeUpdater6"=-
"R8388QA8U8"=-
"Jing"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MyWebSearch Email Plugin"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

Driver::
gupdate
gupdatem

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2269050

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

tweety10 · #11 Příspěvek od **tweety10** » 29 črc 2011 11:20

ComboFix 11-07-29.01 - Lukáš . 07. 2011 12:11:31.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3509.2470 [GMT 2:00]
Running from: c:\users\LukßÜ\Desktop\ComboFix.exe
Command switches used :: c:\users\LukßÜ\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-29 10:17 . 2011-07-29 10:17 -------- d-----w- c:\users\Lukas\AppData\Local\temp
2011-07-29 10:17 . 2011-07-29 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-29 10:17 . 2011-07-29 10:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-07-29 10:17 . 2011-07-29 10:17 -------- d-----w- c:\users\Administrator.Lukas\AppData\Local\temp
2011-07-29 08:20 . 2011-07-29 10:17 -------- d-----w- c:\users\Lukáš\AppData\Local\temp
2011-07-29 06:24 . 2011-07-29 06:24 -------- d-----w- C:\rsit
2011-07-29 06:24 . 2011-07-29 06:24 -------- d-----w- c:\program files\trend micro
2011-07-10 14:52 . 2011-07-10 14:52 -------- d-----w- c:\program files\Apple Software Update
2011-07-10 14:51 . 2011-07-10 14:51 -------- d-----w- c:\program files\iPod
2011-07-10 14:51 . 2011-07-10 14:51 -------- d-----w- c:\program files\iTunes
2011-07-10 14:49 . 2011-07-10 14:49 -------- d-----w- c:\program files\Bonjour
2011-07-05 15:37 . 2011-07-05 15:37 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Real
2011-07-05 06:58 . 2011-07-05 06:58 -------- d-----w- c:\users\Lukáš\AppData\Local\{2EE52D85-2DF2-41B0-A4D0-C3B17D213461}
2011-07-03 16:22 . 2011-07-13 19:01 -------- d-----w- c:\programdata\IObit
2011-07-03 08:16 . 2011-07-08 18:03 -------- d-----w- c:\users\Lukáš\AppData\Roaming\vlc
2011-07-03 08:02 . 2011-07-03 08:25 -------- d-----w- c:\program files\AutoMapa EU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 13:13 . 2010-12-21 06:46 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-06-07 05:54 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-24 10:44 . 2011-06-29 05:25 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-10 06:06 . 2011-05-10 06:06 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 06:06 . 2011-05-10 06:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-07 08:53 . 2011-05-07 08:53 152064 ----a-w- c:\windows\Jwonoa.exe
2011-05-04 04:34 . 2011-06-29 05:25 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:32 . 2011-06-29 05:25 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:32 . 2011-06-29 05:25 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:32 . 2011-06-29 05:25 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:32 . 2011-06-29 05:25 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 05:25 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 05:25 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:28 . 2011-06-29 05:25 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 05:25 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-03 21:10 . 2011-05-03 21:10 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-03 21:10 . 2011-05-03 21:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-03 21:10 . 2011-05-03 21:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-03 21:10 . 2011-05-03 21:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-03 21:10 . 2011-05-03 21:10 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-03 21:10 . 2011-05-03 21:10 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-03 21:10 . 2011-05-03 21:10 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-03 21:10 . 2011-05-03 21:10 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-03 21:10 . 2011-05-03 21:10 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-03 21:10 . 2011-05-03 21:10 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-03 21:10 . 2011-05-03 21:10 367104 ----a-w- c:\windows\system32\html.iec
2011-05-03 21:10 . 2011-05-03 21:10 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-03 21:10 . 2011-05-03 21:10 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-03 21:10 . 2011-05-03 21:10 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-03 21:10 . 2011-05-03 21:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-03 21:10 . 2011-05-03 21:10 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-03 21:10 . 2011-05-03 21:10 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-03 21:10 . 2011-05-03 21:10 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-03 21:10 . 2011-05-03 21:10 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-03 04:30 . 2011-06-16 11:58 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 04:53 . 2011-07-05 06:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
c:\users\Luk ç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Luk ç\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-11 18:27 136176 ----atw- c:\users\Lukáš\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Lukáš\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
"R8388QA8U8"=c:\users\LUK~1\AppData\Local\Temp\Jvx.exe
"Jing"=c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCamTray.exe" /s
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe"
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" -START
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-17 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/28 18:28];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-08-28 11:57 87536]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [2009-11-07 239336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-20 27632]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 132352]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-28 09:47]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 10:30]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 10:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with ImTOO Download YouTube Video - c:\program files\ImTOO\Download YouTube Video\upod_link.HTM
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Lukáš\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Lukáš\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\pc translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\pc translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\pc translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\pc translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\pc translator\WebIE.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\zmbmoium.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6000)
c:\users\Lukáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2011-07-29 12:19:35
ComboFix-quarantined-files.txt 2011-07-29 10:19
ComboFix2.txt 2011-07-29 08:31
.
Pre-Run: 111 645 007 872 bytes free
Post-Run: 111 584 563 200 bytes free
.
- - End Of File - - 3AFC53400370AE320447C4924A736A2E

#12 Příspěvek od **vyosek** » 29 črc 2011 11:25

CFko nejak neprovedlo co melo, nevadi, pujdem na to jinak

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"=-
"AdobeUpdater6"=-
"R8388QA8U8"=-
"Jing"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MyWebSearch Email Plugin"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

:services
gupdate
gupdatem

:files
c:\users\Lukáš\AppData\Local\BIT1AB1.tmp
c:\program files\DVDVideoSoftTB\tbDVDV.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\programdata\IObit
c:\progra~1\MYWEBS~1\
c:\users\LUK~1\AppData\Local\Temp\Jvx.exe
c:\windows\Jwonoa.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

tweety10 · #13 Příspěvek od **tweety10** » 29 črc 2011 11:30

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-\\AdobeUpdater6 deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-\\R8388QA8U8 deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-\\Jing deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled\\MyWebSearch Email Plugin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder c:\users\Lukáš\AppData\Local\BIT1AB1.tmp not found.
c:\program files\DVDVideoSoftTB\tbDVDV.dll moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\programdata\IObit\Game Booster folder moved successfully.
c:\programdata\IObit\Advanced SystemCare V4 folder moved successfully.
c:\programdata\IObit folder moved successfully.
Folder c:\progra~1\MYWEBS~1 not found.
File/Folder c:\users\LUK~1\AppData\Local\Temp\Jvx.exe not found.
c:\windows\Jwonoa.exe moved successfully.
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
C:\windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.Lukas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lukas
->Temp folder emptied: 0 bytes

User: Lukáš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2108750 bytes
->Java cache emptied: 2013062 bytes
->FireFox cache emptied: 163179895 bytes
->Google Chrome cache emptied: 455893293 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 3475671 bytes
->Flash cache emptied: 27494 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 598.00 mb

OTM by OldTimer - Version 3.1.18.0 log created on 07292011_122747

Files moved on Reboot...

Registry entries deleted on Reboot...

#14 Příspěvek od **vyosek** » 29 črc 2011 11:31

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

tweety10 · #15 Příspěvek od **tweety10** » 29 črc 2011 11:38

Hned prvy krok zlyhal, po zadani ComboFix /Uninstall do Spustenia vyhodilo nasledovne:

Obrázek

VIRY.CZ

Pravdepodobne Adware

Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware

Re: Pravdepodobne Adware