Jako mnoho ostatních, jsem padl do sítě viru sociální sítě, kdy jsem si opravdu myslel, že anglické texty opravdu píše kamarádka, a jak jsem na to také dojel..
Když jsem viděl, že jde po antiviru, automaticky mě napadlo použít Malwarebytes Anti-Malware, jestli půjde-Projel jsem scan a vymazal. Nevím ejstli je to teď dobře, nebo špatně, snad jsem nezkomplikoval práci, případně se hodně omlouvám..
Log RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Luky at 2011-08-22 11:51:21
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 338 GB (57%) free of 595 GB
Total RAM: 8099 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:22, on 22.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programy\DAEMON Tools Lite\DTShellHlp.exe
C:\Programy\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Luky.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=15383
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [7461402.exe] "C:\Windows\Temp\7461402.exe"
O4 - HKLM\..\Run: [3370905.exe] "C:\Windows\TEMP\3370905.exe"
O4 - HKLM\..\Run: [7001104.exe] "C:\Windows\Temp\7001104.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Programy\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1694672563-1102797356-4185657622-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1694672563-1102797356-4185657622-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Luky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: ddservice - Unknown owner - C:\Windows\update.7.1\svchostdriver.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Programy\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Programy\ESET Smart Security\x86\ekrn.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13722 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 22234784
\??\C:\Windows\system32\conhost.exe "6062512941107810474-1435685104-1031430867-116397907113385110061078735648-930066270
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
C:\Windows\update.7.1\svchostdriver.exe srv
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE"
C:\Windows\Explorer.EXE
"C:\Windows\update.7.1\svchostdriver.exe" stand
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2516
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe" C:\Users\Luky"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Program Files\Dell\QuickSet\quickset.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
"C:\Windows\System32\ico.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\DellTPad\HidFind.exe"
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "1782176707985245079-1034473375-678803347591185051-758067247670480674-1309939108
C:\Windows\system32\wbem\unsecapp.exe -Embedding
Pelmiced.exe
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Programy\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe"
"C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Programy\DAEMON Tools Lite\DTShellHlp.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Programy\Mozilla Firefox\plugin-container.exe" --channel=5076.944f2e0.669478228 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0 -greomni "C:\Programy\Mozilla Firefox\omni.jar" 5076 "\\.\pipe\gecko-crash-server-pipe.5076" plugin
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\Luky\Desktop\RSITx64.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "chrome://speeddial/content/speeddial.xul"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Programy\DivX\DivX Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Programy\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Programy\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Programy\Mozilla Firefox\plugins\
libdivx.dll
np-mswmp.dll
npdeployJava1.dll
npdivx32.dll
npdivx32.xpt
ssldivx.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Programy\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default\searchplugins\
askcom.xml
facebook.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07 49440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-02 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-01-20 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-01-20 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-01-20 418328]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2011-01-05 592240]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2011-01-22 3666800]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2010-11-03 10228224]
"egui"=C:\Programy\ESET Smart Security\egui.exe /hide /waitservice []
"Mouse Suite 98 Daemon"=C:\Windows\system32\ICO.EXE [2008-04-03 94720]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-01-25 525312]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2011-05-21 326760]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30 499608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"ShowBatteryBar"=C:\Programy\BatteryBar\ShowBatteryBar.exe [2009-05-28 89600]
"ICQ"=C:\Programy\ICQ7.5\ICQ.exe [2011-08-15 124216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-06-06 35736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programy\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Registration]
C:\Program Files (x86)\System Registration\prodreg.exe [2010-08-23 3926528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2010-08-20 487562]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellStage]
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2011-01-25 1802472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [2010-11-17 514544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programy\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [2010-11-25 240112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-05-23 431616]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-06 283160]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"7461402.exe"=C:\Windows\Temp\7461402.exe [2011-08-22 258048]
"3370905.exe"=C:\Windows\TEMP\3370905.exe [2011-08-22 634880]
"7001104.exe"=C:\Windows\Temp\7001104.exe [2011-08-22 258048]
"Malwarebytes' Anti-Malware"=C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [2011-05-20 560128]
"Launcher"=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [2011-01-13 165184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-01-08 384000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-08-22 11:50:20 ----D---- C:\rsit
2011-08-22 11:50:20 ----D---- C:\Program Files\trend micro
2011-08-22 11:38:51 ----D---- C:\Users\Luky\AppData\Roaming\Malwarebytes
2011-08-22 11:29:52 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-08-22 11:29:51 ----D---- C:\ProgramData\Malwarebytes
2011-08-22 11:29:49 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-22 11:24:32 ----A---- C:\Windows\w_distrib_iplist.txt
2011-08-22 11:24:02 ----HD---- C:\Windows\update.3
2011-08-22 11:23:37 ----A---- C:\Windows\iecheck_iplist.txt
2011-08-22 11:23:35 ----D---- C:\Windows\ufa
2011-08-22 11:23:35 ----D---- C:\Windows\rpcminer
2011-08-22 11:23:35 ----D---- C:\Windows\phoenix
2011-08-22 11:23:23 ----A---- C:\Windows\btc_client_iplist.txt
2011-08-22 11:23:20 ----HD---- C:\Windows\update.7.1
2011-08-22 11:23:04 ----HD---- C:\Windows\update.2
2011-08-22 11:22:28 ----A---- C:\Windows\unrar.exe
2011-08-22 11:22:21 ----HD---- C:\Windows\update.5.0
2011-08-22 11:21:42 ----A---- C:\Windows\iplist.txt
2011-08-22 11:21:09 ----A---- C:\Windows\front_ip_list.txt
2011-08-22 11:14:53 ----A---- C:\Windows\ntbtlog.txt
2011-08-22 11:01:59 ----D---- C:\Windows\av_ico
2011-08-22 10:59:56 ----HD---- C:\Windows\update.1
2011-08-22 10:59:55 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-08-22 10:59:55 ----HD---- C:\Windows\update.tray-3-0
2011-08-22 10:55:19 ----A---- C:\Windows\winlog-ids.txt
2011-08-22 10:55:19 ----A---- C:\Windows\winlog-dirs.txt
2011-08-21 23:00:30 ----D---- C:\Users\Luky\AppData\Roaming\Ambient Design
2011-08-18 11:24:58 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-08-18 11:16:51 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2011-08-18 11:13:07 ----D---- C:\Users\Luky\AppData\Roaming\OpenCandy
2011-08-11 01:08:10 ----D---- C:\e232c3ab3ace64e078f9cf
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-10 19:48:08 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 19:48:03 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-10 19:48:03 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\wow64.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-10 19:48:02 ----A---- C:\Windows\system32\wow64win.dll
2011-08-10 19:48:02 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-10 19:48:02 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 19:48:01 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-10 19:48:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 19:47:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 19:47:54 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 19:47:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-10 19:47:52 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 19:47:50 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 19:47:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-10 19:47:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-10 19:47:44 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 19:47:43 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-10 19:47:43 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 19:47:43 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 19:47:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-10 19:47:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-10 19:47:42 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-10 19:47:42 ----A---- C:\Windows\system32\url.dll
2011-08-10 19:47:42 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 19:47:42 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 19:47:41 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-10 19:47:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-10 19:47:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-10 19:47:41 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 19:46:51 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-10 19:46:50 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 19:46:49 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-09 22:17:28 ----D---- C:\adobeTemp
2011-08-09 22:17:06 ----D---- C:\Program Files\Adobe
2011-08-09 22:16:51 ----D---- C:\Program Files\Common Files\Adobe
2011-08-06 00:02:50 ----D---- C:\Users\Luky\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-08-05 12:21:22 ----A---- C:\Windows\SYSWOW64\libmysql_d.dll
2011-08-03 20:00:59 ----A---- C:\Windows\system32\MRT.exe
2011-08-03 19:36:08 ----D---- C:\Windows\system32\SPReview
2011-08-03 19:35:15 ----D---- C:\Windows\system32\EventProviders
2011-08-02 23:33:37 ----D---- C:\ProgramData\Blizzard
2011-08-02 15:32:58 ----D---- C:\Windows\Sun
2011-08-02 15:32:44 ----D---- C:\ProgramData\Sun
2011-08-02 15:32:01 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-08-02 15:32:00 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-08-02 15:32:00 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-08-02 15:32:00 ----A---- C:\Windows\SYSWOW64\java.exe
2011-08-02 15:31:47 ----D---- C:\Program Files (x86)\Java
2011-07-30 14:26:38 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-07-30 14:26:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-07-30 14:26:38 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-07-30 14:26:38 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-07-30 14:26:36 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-07-30 14:26:36 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-07-29 14:28:53 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2011-07-29 14:28:53 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2011-07-29 14:28:53 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-07-29 14:28:53 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-07-29 14:28:52 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2011-07-29 14:28:52 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2011-07-29 14:28:52 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2011-07-29 14:28:52 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-07-29 14:28:52 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-07-29 14:28:52 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-07-29 14:28:50 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-07-29 14:28:50 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-07-29 14:28:50 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-07-29 14:28:50 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-07-29 14:28:48 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-07-29 14:28:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-07-29 14:28:48 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-07-29 14:28:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-07-29 14:13:32 ----D---- C:\Users\Luky\AppData\Roaming\Rovio
======List of files/folders modified in the last 1 month======
2011-08-22 11:51:20 ----AD---- C:\Windows\Temp
2011-08-22 11:50:20 ----RD---- C:\Program Files
2011-08-22 11:49:29 ----AD---- C:\Windows\System32
2011-08-22 11:49:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-22 11:49:28 ----D---- C:\Windows\inf
2011-08-22 11:47:19 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-22 11:47:17 ----D---- C:\Users\Luky\AppData\Roaming\ICQ
2011-08-22 11:45:40 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup
2011-08-22 11:44:55 ----D---- C:\ProgramData\NVIDIA
2011-08-22 11:44:18 ----D---- C:\Windows\system32\config
2011-08-22 11:43:46 ----AD---- C:\Windows
2011-08-22 11:29:52 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-22 11:29:51 ----HD---- C:\ProgramData
2011-08-22 11:29:49 ----D---- C:\Windows\system32\drivers
2011-08-22 11:29:49 ----D---- C:\Programy
2011-08-22 11:28:45 ----SHD---- C:\System Volume Information
2011-08-22 11:23:48 ----D---- C:\ProgramData\Sonic
2011-08-22 11:23:33 ----D---- C:\Windows\system32\drivers\etc
2011-08-21 23:13:08 ----SHD---- C:\Windows\Installer
2011-08-21 23:13:08 ----SHD---- C:\Config.Msi
2011-08-21 21:47:31 ----D---- C:\Users\Luky\AppData\Roaming\Skype
2011-08-21 14:19:51 ----D---- C:\Windows\Prefetch
2011-08-18 12:42:00 ----SHD---- C:\$Recycle.Bin
2011-08-18 12:41:54 ----RD---- C:\Users
2011-08-18 11:30:36 ----D---- C:\Hry
2011-08-18 11:26:18 ----D---- C:\Windows\system32\DriverStore
2011-08-18 11:26:18 ----D---- C:\Windows\system32\catroot
2011-08-18 11:24:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-18 11:16:51 ----RD---- C:\Program Files (x86)
2011-08-18 11:14:29 ----D---- C:\Windows\Tasks
2011-08-18 11:14:29 ----D---- C:\Windows\system32\Tasks
2011-08-18 11:13:29 ----D---- C:\Users\Luky\AppData\Roaming\uTorrent
2011-08-16 21:31:04 ----RD---- C:\Program Files (x86)\Skype
2011-08-16 21:31:02 ----D---- C:\ProgramData\Skype
2011-08-16 21:30:59 ----D---- C:\Program Files (x86)\Common Files
2011-08-16 21:30:41 ----D---- C:\Users\Luky\AppData\Roaming\skypePM
2011-08-14 23:39:30 ----D---- C:\ProgramData\PCDr
2011-08-14 22:35:13 ----D---- C:\Users\Luky\AppData\Roaming\Adobe
2011-08-11 16:19:43 ----D---- C:\Windows\Microsoft.NET
2011-08-11 16:19:40 ----RSD---- C:\Windows\assembly
2011-08-11 10:50:51 ----D---- C:\Windows\winsxs
2011-08-11 10:45:39 ----D---- C:\Windows\SysWOW64
2011-08-11 10:43:11 ----D---- C:\Windows\system32\catroot2
2011-08-11 10:38:18 ----D---- C:\Windows\SYSWOW64\migration
2011-08-11 10:38:18 ----D---- C:\Windows\system32\migration
2011-08-11 10:38:18 ----D---- C:\Windows\AppPatch
2011-08-11 10:38:18 ----D---- C:\Program Files\Internet Explorer
2011-08-11 10:38:18 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-09 22:19:07 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-08-09 22:17:46 ----D---- C:\Program Files (x86)\Adobe
2011-08-09 22:17:33 ----RSD---- C:\Windows\Fonts
2011-08-09 22:16:51 ----D---- C:\Program Files\Common Files
2011-08-09 22:16:28 ----D---- C:\ProgramData\Adobe
2011-08-08 11:22:02 ----D---- C:\Program Files (x86)\Google
2011-08-08 01:00:15 ----D---- C:\ProgramData\Microsoft Help
2011-08-04 13:11:48 ----D---- C:\Users\Luky\AppData\Roaming\Audacity
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Sidebar
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Portable Devices
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Media Player
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Mail
2011-08-03 21:33:13 ----D---- C:\Program Files\DVD Maker
2011-08-03 21:33:12 ----D---- C:\Program Files\Windows Photo Viewer
2011-08-03 21:33:12 ----D---- C:\Program Files\Windows Journal
2011-08-03 21:33:11 ----D---- C:\Windows\servicing
2011-08-03 21:33:11 ----D---- C:\Program Files\Windows Defender
2011-08-03 21:33:10 ----D---- C:\Windows\ehome
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\Setup
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\oobe
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\da-DK
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\cs
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-08-03 21:33:02 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-03 21:33:01 ----D---- C:\Windows\SYSWOW64\sppui
2011-08-03 21:33:01 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-08-03 21:33:01 ----D---- C:\Windows\SYSWOW64\es-ES
2011-08-03 21:32:56 ----D---- C:\Windows\SYSWOW64\wbem
2011-08-03 21:32:55 ----D---- C:\Windows\SYSWOW64\migwiz
2011-08-03 21:32:55 ----D---- C:\Windows\SYSWOW64\Dism
2011-08-03 21:32:52 ----D---- C:\Windows\system32\wbem
2011-08-03 21:32:52 ----D---- C:\Windows\system32\sppui
2011-08-03 21:32:52 ----D---- C:\Windows\system32\Setup
2011-08-03 21:32:52 ----D---- C:\Windows\system32\migwiz
2011-08-03 21:32:52 ----D---- C:\Windows\system32\manifeststore
2011-08-03 21:32:52 ----D---- C:\Windows\system32\es-ES
2011-08-03 21:32:52 ----D---- C:\Windows\system32\en-US
2011-08-03 21:32:52 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-08-03 21:32:52 ----D---- C:\Windows\system32\Dism
2011-08-03 21:32:52 ----D---- C:\Windows\system32\da-DK
2011-08-03 21:32:52 ----D---- C:\Windows\system32\cs-CZ
2011-08-03 21:32:52 ----D---- C:\Windows\system32\cs
2011-08-03 21:32:52 ----D---- C:\Windows\system32\AdvancedInstallers
2011-08-03 21:32:52 ----D---- C:\Windows\PolicyDefinitions
2011-08-03 21:32:52 ----AD---- C:\Windows\system32\oobe
2011-08-03 20:23:23 ----D---- C:\Windows\system32\Boot
2011-08-03 20:04:36 ----D---- C:\Windows\Logs
2011-08-03 20:01:01 ----D---- C:\Windows\debug
2011-08-03 20:00:52 ----D---- C:\Program Files (x86)\Microsoft Office
2011-08-03 19:56:00 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-08-03 19:56:00 ----A---- C:\Windows\system32\msclmd.dll
2011-08-03 12:52:20 ----D---- C:\ProgramData\Blizzard Entertainment
2011-07-29 14:28:54 ----D---- C:\Windows\SYSWOW64\directx
2011-07-29 14:28:42 ----HD---- C:\Windows\msdownld.tmp
2011-07-28 15:02:11 ----D---- C:\Program Files\Dell Support Center
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-07 438808]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-05-21 27240]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2010-12-18 25280]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-18 526392]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 170640]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-12-04 316024]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2010-10-20 274432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-18 270912]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 34144]
R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-01-08 12262688]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 25912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 pelmouse;Mouse Suite Driver; C:\Windows\system32\DRIVERS\pelmouse.sys [2008-01-19 35840]
R3 pelusblf;USB Mouse Low Filter Driver; C:\Windows\system32\DRIVERS\pelusblf.sys [2008-06-03 27648]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-01-25 520192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
S3 ag14b4gv;ag14b4gv; C:\Windows\system32\drivers\ag14b4gv.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-10-30 250984]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-22 382464]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-06 325656]
R2 MBAMService;MBAMService; C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 PCSUService;PC Speed Up Service; C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2011-01-25 296448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
S2 ekrn;ESET Service; C:\Programy\ESET Smart Security\x86\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12; c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 EhttpSrv;ESET HTTP Server; C:\Programy\ESET Smart Security\EHttpSrv.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM; c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-11-09 74392]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
Děkuji předem, pokud se mě někdo ujme, a bude mít nervy na to, řešit další z té kupy takovýchto virů.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Další Facebook virus (použit MBAM)
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Danstahr
- Přítel fóra
- Příspěvky: 1069
- Registrován: 28 říj 2006 20:23
- Bydliště: Londýn
- Kontaktovat uživatele:
Re: Další Facebook virus (použit MBAM)
Pozor! Tato utilita má velkou schopnost mazat a její použití je určeno výhradně členům týmu tohoto fóra. Svévolné použití může vést ke zboření a reinstalaci systému 
Stáhněte ComboFix a uložte jej na Plochu. Vypněte všechny rezidentní štíty antivirů a všechny programy běžící na pozadí. Spusťte ComboFix s administrátorským oprávněním. Potvrďte licenční podmínky a případně i instalaci konzoly pro zotavení Během skenu nechte počítač naprosto v klidu. Sken trvá zhruba 15 minut, ale doba se může lišit v závislosti na stavu systému Po dokončení skenu se zobrazí log (pokud by se neotevřel, lze jej nalézt na systémovém disku jako ComboFix.txt), obsah logu vložte sem ComboFixu si do dalšího pokynu nevšímejte Koupím trochu času, cenu respektuji.
Re: Další Facebook virus (použit MBAM)
Log z Combofixu:
ComboFix 11-08-22.02 - Luky 22.08.2011 12:15:26.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8099.5697 [GMT 2:00]
Spuštěný z: c:\users\Luky\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\Temp\7001104.exe
c:\windows\Temp\7461402.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.3
c:\windows\update.5.0
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 09:50 . 2011-08-22 09:51 -------- d-----w- c:\program files\trend micro
2011-08-22 09:50 . 2011-08-22 09:50 -------- d-----w- C:\rsit
2011-08-22 09:38 . 2011-08-22 09:38 -------- d-----w- c:\users\Luky\AppData\Roaming\Malwarebytes
2011-08-22 09:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-22 09:29 . 2011-08-22 09:29 -------- d-----w- c:\programdata\Malwarebytes
2011-08-22 09:29 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 09:23 . 2011-08-22 09:28 -------- d-----w- c:\windows\ufa
2011-08-22 09:23 . 2011-08-22 09:23 -------- d--h--w- c:\windows\update.7.1
2011-08-22 09:22 . 2011-08-22 09:23 246272 ----a-w- c:\windows\unrar.exe
2011-08-22 09:01 . 2011-08-22 09:01 -------- d-----w- c:\windows\av_ico
2011-08-22 08:59 . 2011-08-22 09:43 -------- d--h--w- c:\windows\update.tray-3-0
2011-08-22 08:59 . 2011-08-22 09:43 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-08-21 21:00 . 2011-08-21 21:02 -------- d-----w- c:\users\Luky\AppData\Roaming\Ambient Design
2011-08-20 19:32 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF3F84AE-6EBF-4C93-B621-325964FA0345}\mpengine.dll
2011-08-18 10:41 . 2011-08-18 10:42 -------- d-----w- c:\users\Guest
2011-08-18 09:24 . 2011-08-18 09:24 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-18 09:24 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-18 09:24 . 2001-09-05 02:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-08-18 09:24 . 2001-09-05 02:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-18 09:24 . 2001-09-05 02:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-18 09:16 . 2011-08-18 09:16 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2011-08-18 09:13 . 2011-08-18 10:37 -------- d-----w- c:\users\Luky\AppData\Local\OpenCandy
2011-08-18 09:13 . 2011-08-18 09:14 -------- d-----w- c:\users\Luky\AppData\Roaming\OpenCandy
2011-08-10 23:08 . 2011-08-10 23:08 -------- d-----w- C:\e232c3ab3ace64e078f9cf
2011-08-10 17:47 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 17:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 17:46 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 17:46 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-09 20:17 . 2011-08-09 20:17 -------- d-----w- C:\adobeTemp
2011-08-09 20:16 . 2011-08-09 20:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-05 22:02 . 2011-08-05 22:02 -------- d-----w- c:\users\Luky\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-08-05 10:21 . 2009-07-10 10:43 1589248 ----a-w- c:\windows\SysWow64\libmysql_d.dll
2011-08-03 17:36 . 2011-08-03 17:36 -------- d-----w- c:\windows\system32\SPReview
2011-08-03 17:35 . 2011-08-03 17:35 -------- d-----w- c:\windows\system32\EventProviders
2011-08-02 21:33 . 2011-08-02 21:33 -------- d-----w- c:\programdata\Blizzard
2011-08-02 13:32 . 2011-08-02 13:32 -------- d-----w- c:\windows\Sun
2011-08-02 13:32 . 2011-08-02 13:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-02 13:32 . 2011-08-02 13:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-02 13:31 . 2011-08-02 13:31 -------- d-----w- c:\program files (x86)\Java
2011-07-30 12:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-07-29 12:48 . 2011-07-29 12:48 -------- d-----w- c:\users\Luky\AppData\Local\The Witcher 2
2011-07-29 12:13 . 2011-07-29 12:13 -------- d-----w- c:\users\Luky\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 17:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-03 17:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-19 16:51 . 2011-07-19 16:51 34064 ----a-w- c:\windows\SysWow64\lhacm.acm
2011-07-16 04:26 . 2011-08-10 17:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-04 20:45 . 2011-07-04 20:20 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-01 11:28 . 2011-07-01 11:28 286720 ------w- c:\windows\Setup1.exe
2011-07-01 11:28 . 2011-07-01 11:28 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-06-11 03:07 . 2011-07-12 20:26 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2011-05-19 18:50 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 06:36 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 06:36 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 06:36 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 06:36 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 06:36 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ShowBatteryBar"="c:\programy\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"ICQ"="c:\programy\ICQ7.5\ICQ.exe" [2011-08-14 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-05-20 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-22 382464]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
R2 ekrn;ESET Service;c:\programy\ESET Smart Security\x86\ekrn.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
R2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 15:08]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 15:08]
.
2011-08-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-08-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-20 418328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-03 94720]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-05-21 326760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://eu.ask.com/?l=dis&o=15383
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Luky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default\
FF - prefs.js: browser.search.selectedEngine - Heuréka
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-egui - c:\programy\ESET Smart Security\egui.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-22 12:22:30
ComboFix-quarantined-files.txt 2011-08-22 10:22
.
Před spuštěním: Volných bajtů: 377 171 304 448
Po spuštění: Volných bajtů: 376 944 005 120
.
- - End Of File - - D275C418AAF27EE82AA2CDB572C37E10
ComboFix 11-08-22.02 - Luky 22.08.2011 12:15:26.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8099.5697 [GMT 2:00]
Spuštěný z: c:\users\Luky\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\Temp\7001104.exe
c:\windows\Temp\7461402.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.3
c:\windows\update.5.0
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 09:50 . 2011-08-22 09:51 -------- d-----w- c:\program files\trend micro
2011-08-22 09:50 . 2011-08-22 09:50 -------- d-----w- C:\rsit
2011-08-22 09:38 . 2011-08-22 09:38 -------- d-----w- c:\users\Luky\AppData\Roaming\Malwarebytes
2011-08-22 09:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-22 09:29 . 2011-08-22 09:29 -------- d-----w- c:\programdata\Malwarebytes
2011-08-22 09:29 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 09:23 . 2011-08-22 09:28 -------- d-----w- c:\windows\ufa
2011-08-22 09:23 . 2011-08-22 09:23 -------- d--h--w- c:\windows\update.7.1
2011-08-22 09:22 . 2011-08-22 09:23 246272 ----a-w- c:\windows\unrar.exe
2011-08-22 09:01 . 2011-08-22 09:01 -------- d-----w- c:\windows\av_ico
2011-08-22 08:59 . 2011-08-22 09:43 -------- d--h--w- c:\windows\update.tray-3-0
2011-08-22 08:59 . 2011-08-22 09:43 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-08-21 21:00 . 2011-08-21 21:02 -------- d-----w- c:\users\Luky\AppData\Roaming\Ambient Design
2011-08-20 19:32 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF3F84AE-6EBF-4C93-B621-325964FA0345}\mpengine.dll
2011-08-18 10:41 . 2011-08-18 10:42 -------- d-----w- c:\users\Guest
2011-08-18 09:24 . 2011-08-18 09:24 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-18 09:24 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-18 09:24 . 2001-09-05 02:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-08-18 09:24 . 2001-09-05 02:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-18 09:24 . 2001-09-05 02:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-18 09:16 . 2011-08-18 09:16 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2011-08-18 09:13 . 2011-08-18 10:37 -------- d-----w- c:\users\Luky\AppData\Local\OpenCandy
2011-08-18 09:13 . 2011-08-18 09:14 -------- d-----w- c:\users\Luky\AppData\Roaming\OpenCandy
2011-08-10 23:08 . 2011-08-10 23:08 -------- d-----w- C:\e232c3ab3ace64e078f9cf
2011-08-10 17:47 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 17:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 17:46 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 17:46 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-09 20:17 . 2011-08-09 20:17 -------- d-----w- C:\adobeTemp
2011-08-09 20:16 . 2011-08-09 20:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-05 22:02 . 2011-08-05 22:02 -------- d-----w- c:\users\Luky\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-08-05 10:21 . 2009-07-10 10:43 1589248 ----a-w- c:\windows\SysWow64\libmysql_d.dll
2011-08-03 17:36 . 2011-08-03 17:36 -------- d-----w- c:\windows\system32\SPReview
2011-08-03 17:35 . 2011-08-03 17:35 -------- d-----w- c:\windows\system32\EventProviders
2011-08-02 21:33 . 2011-08-02 21:33 -------- d-----w- c:\programdata\Blizzard
2011-08-02 13:32 . 2011-08-02 13:32 -------- d-----w- c:\windows\Sun
2011-08-02 13:32 . 2011-08-02 13:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-02 13:32 . 2011-08-02 13:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-02 13:31 . 2011-08-02 13:31 -------- d-----w- c:\program files (x86)\Java
2011-07-30 12:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-07-29 12:48 . 2011-07-29 12:48 -------- d-----w- c:\users\Luky\AppData\Local\The Witcher 2
2011-07-29 12:13 . 2011-07-29 12:13 -------- d-----w- c:\users\Luky\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 17:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-03 17:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-19 16:51 . 2011-07-19 16:51 34064 ----a-w- c:\windows\SysWow64\lhacm.acm
2011-07-16 04:26 . 2011-08-10 17:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-04 20:45 . 2011-07-04 20:20 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-01 11:28 . 2011-07-01 11:28 286720 ------w- c:\windows\Setup1.exe
2011-07-01 11:28 . 2011-07-01 11:28 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-06-11 03:07 . 2011-07-12 20:26 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2011-05-19 18:50 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 06:36 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 06:36 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 06:36 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 06:36 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 06:36 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ShowBatteryBar"="c:\programy\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"ICQ"="c:\programy\ICQ7.5\ICQ.exe" [2011-08-14 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-05-20 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-22 382464]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
R2 ekrn;ESET Service;c:\programy\ESET Smart Security\x86\ekrn.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
R2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 15:08]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 15:08]
.
2011-08-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-08-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-20 418328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-03 94720]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-05-21 326760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://eu.ask.com/?l=dis&o=15383
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Luky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default\
FF - prefs.js: browser.search.selectedEngine - Heuréka
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-egui - c:\programy\ESET Smart Security\egui.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-22 12:22:30
ComboFix-quarantined-files.txt 2011-08-22 10:22
.
Před spuštěním: Volných bajtů: 377 171 304 448
Po spuštění: Volných bajtů: 376 944 005 120
.
- - End Of File - - D275C418AAF27EE82AA2CDB572C37E10
-
Danstahr
- Přítel fóra
- Příspěvky: 1069
- Registrován: 28 říj 2006 20:23
- Bydliště: Londýn
- Kontaktovat uživatele:
Re: Další Facebook virus (použit MBAM)
Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte.
Kód: Vybrat vše
killall::
collect::
c:\windows\update.7.1\svchostdriver.exe
file::
c:\windows\unrar.exe
c:\windows\Setup1.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
c:\windows\Tasks\SystemToolsDailyTest.job
folder::
c:\windows\update.7.1
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk
C:\e232c3ab3ace64e078f9cf
C:\adobeTemp
registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"=-
"AdobeAAMUpdater-1.0"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Driver::
gupdate
gupdatem
ddservice
reboot::Koupím trochu času, cenu respektuji.
Re: Další Facebook virus (použit MBAM)
Doufám, že jsem to udělal správně-
ComboFix 11-08-22.02 - Luky 22.08.2011 12:55:33.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8099.5967 [GMT 2:00]
Spuštěný z: c:\users\Luky\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Luky\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Setup1.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job"
"c:\windows\Tasks\SystemToolsDailyTest.job"
"c:\windows\unrar.exe"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\adobeTemp
c:\adobetemp\backup\adobetmp021617082
C:\e232c3ab3ace64e078f9cf
c:\e232c3ab3ace64e078f9cf\$shtdwn$.req
c:\e232c3ab3ace64e078f9cf\mrt.exe._p
c:\e232c3ab3ace64e078f9cf\mrtstub.exe
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\Setup1.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
c:\windows\Tasks\SystemToolsDailyTest.job
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 09:50 . 2011-08-22 09:51 -------- d-----w- c:\program files\trend micro
2011-08-22 09:50 . 2011-08-22 09:50 -------- d-----w- C:\rsit
2011-08-22 09:38 . 2011-08-22 09:38 -------- d-----w- c:\users\Luky\AppData\Roaming\Malwarebytes
2011-08-22 09:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-22 09:29 . 2011-08-22 09:29 -------- d-----w- c:\programdata\Malwarebytes
2011-08-22 09:29 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 21:00 . 2011-08-21 21:02 -------- d-----w- c:\users\Luky\AppData\Roaming\Ambient Design
2011-08-20 19:32 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF3F84AE-6EBF-4C93-B621-325964FA0345}\mpengine.dll
2011-08-18 10:41 . 2011-08-18 10:42 -------- d-----w- c:\users\Guest
2011-08-18 09:24 . 2011-08-18 09:24 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-18 09:24 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-18 09:24 . 2001-09-05 02:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-08-18 09:24 . 2001-09-05 02:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-18 09:24 . 2001-09-05 02:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-18 09:16 . 2011-08-18 09:16 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2011-08-18 09:13 . 2011-08-18 10:37 -------- d-----w- c:\users\Luky\AppData\Local\OpenCandy
2011-08-18 09:13 . 2011-08-18 09:14 -------- d-----w- c:\users\Luky\AppData\Roaming\OpenCandy
2011-08-10 17:47 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 17:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 17:46 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 17:46 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-09 20:16 . 2011-08-09 20:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-05 22:02 . 2011-08-05 22:02 -------- d-----w- c:\users\Luky\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-08-05 10:21 . 2009-07-10 10:43 1589248 ----a-w- c:\windows\SysWow64\libmysql_d.dll
2011-08-03 17:36 . 2011-08-03 17:36 -------- d-----w- c:\windows\system32\SPReview
2011-08-03 17:35 . 2011-08-03 17:35 -------- d-----w- c:\windows\system32\EventProviders
2011-08-02 21:33 . 2011-08-02 21:33 -------- d-----w- c:\programdata\Blizzard
2011-08-02 13:32 . 2011-08-02 13:32 -------- d-----w- c:\windows\Sun
2011-08-02 13:32 . 2011-08-02 13:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-02 13:32 . 2011-08-02 13:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-02 13:31 . 2011-08-02 13:31 -------- d-----w- c:\program files (x86)\Java
2011-07-30 12:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-07-29 12:48 . 2011-07-29 12:48 -------- d-----w- c:\users\Luky\AppData\Local\The Witcher 2
2011-07-29 12:13 . 2011-07-29 12:13 -------- d-----w- c:\users\Luky\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 17:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-03 17:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-19 16:51 . 2011-07-19 16:51 34064 ----a-w- c:\windows\SysWow64\lhacm.acm
2011-07-16 04:26 . 2011-08-10 17:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-04 20:45 . 2011-07-04 20:20 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-01 11:28 . 2011-07-01 11:28 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-06-11 03:07 . 2011-07-12 20:26 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2011-05-19 18:50 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 06:36 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_10.20.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-19 16:56 . 2011-08-22 11:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-19 16:56 . 2011-08-22 09:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-19 16:56 . 2011-08-22 09:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-19 16:56 . 2011-08-22 11:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-19 16:56 . 2011-08-22 09:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-19 16:56 . 2011-08-22 11:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-19 16:15 . 2011-08-22 11:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-19 16:15 . 2011-08-22 10:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-19 16:15 . 2011-08-22 11:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-19 16:15 . 2011-08-22 10:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-22 10:59 . 2011-08-22 10:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-22 09:44 . 2011-08-22 09:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-22 09:44 . 2011-08-22 09:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-22 10:59 . 2011-08-22 10:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-08-22 10:59 504208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-22 09:44 504208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-23 14:04 . 2011-08-22 10:59 33727656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1694672563-1102797356-4185657622-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ShowBatteryBar"="c:\programy\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"ICQ"="c:\programy\ICQ7.5\ICQ.exe" [2011-08-14 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-05-20 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
R2 ekrn;ESET Service;c:\programy\ESET Smart Security\x86\ekrn.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF3010.cfxxe" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-20 418328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"egui"="c:\programy\ESET Smart Security\egui.exe" [BU]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-03 94720]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-05-21 326760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://eu.ask.com/?l=dis&o=15383
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Luky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default\
FF - prefs.js: browser.search.selectedEngine - Heuréka
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
.
**************************************************************************
.
Celkový čas: 2011-08-22 13:07:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-22 11:07
ComboFix2.txt 2011-08-22 10:22
.
Před spuštěním: Volných bajtů: 376 993 665 024
Po spuštění: Volných bajtů: 376 488 308 736
.
- - End Of File - - 614A22521C65BFE0C9928118DA4A3B1D
ComboFix 11-08-22.02 - Luky 22.08.2011 12:55:33.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8099.5967 [GMT 2:00]
Spuštěný z: c:\users\Luky\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Luky\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Setup1.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job"
"c:\windows\Tasks\SystemToolsDailyTest.job"
"c:\windows\unrar.exe"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\adobeTemp
c:\adobetemp\backup\adobetmp021617082
C:\e232c3ab3ace64e078f9cf
c:\e232c3ab3ace64e078f9cf\$shtdwn$.req
c:\e232c3ab3ace64e078f9cf\mrt.exe._p
c:\e232c3ab3ace64e078f9cf\mrtstub.exe
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\Setup1.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
c:\windows\Tasks\SystemToolsDailyTest.job
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 09:50 . 2011-08-22 09:51 -------- d-----w- c:\program files\trend micro
2011-08-22 09:50 . 2011-08-22 09:50 -------- d-----w- C:\rsit
2011-08-22 09:38 . 2011-08-22 09:38 -------- d-----w- c:\users\Luky\AppData\Roaming\Malwarebytes
2011-08-22 09:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-22 09:29 . 2011-08-22 09:29 -------- d-----w- c:\programdata\Malwarebytes
2011-08-22 09:29 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 21:00 . 2011-08-21 21:02 -------- d-----w- c:\users\Luky\AppData\Roaming\Ambient Design
2011-08-20 19:32 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF3F84AE-6EBF-4C93-B621-325964FA0345}\mpengine.dll
2011-08-18 10:41 . 2011-08-18 10:42 -------- d-----w- c:\users\Guest
2011-08-18 09:24 . 2011-08-18 09:24 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-18 09:24 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-18 09:24 . 2001-09-05 02:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-08-18 09:24 . 2001-09-05 02:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-18 09:24 . 2001-09-05 02:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-18 09:16 . 2011-08-18 09:16 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2011-08-18 09:13 . 2011-08-18 10:37 -------- d-----w- c:\users\Luky\AppData\Local\OpenCandy
2011-08-18 09:13 . 2011-08-18 09:14 -------- d-----w- c:\users\Luky\AppData\Roaming\OpenCandy
2011-08-10 17:47 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 17:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 17:46 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 17:46 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-09 20:16 . 2011-08-09 20:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-05 22:02 . 2011-08-05 22:02 -------- d-----w- c:\users\Luky\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-08-05 10:21 . 2009-07-10 10:43 1589248 ----a-w- c:\windows\SysWow64\libmysql_d.dll
2011-08-03 17:36 . 2011-08-03 17:36 -------- d-----w- c:\windows\system32\SPReview
2011-08-03 17:35 . 2011-08-03 17:35 -------- d-----w- c:\windows\system32\EventProviders
2011-08-02 21:33 . 2011-08-02 21:33 -------- d-----w- c:\programdata\Blizzard
2011-08-02 13:32 . 2011-08-02 13:32 -------- d-----w- c:\windows\Sun
2011-08-02 13:32 . 2011-08-02 13:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-02 13:32 . 2011-08-02 13:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-02 13:31 . 2011-08-02 13:31 -------- d-----w- c:\program files (x86)\Java
2011-07-30 12:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-07-30 12:26 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-07-29 12:48 . 2011-07-29 12:48 -------- d-----w- c:\users\Luky\AppData\Local\The Witcher 2
2011-07-29 12:13 . 2011-07-29 12:13 -------- d-----w- c:\users\Luky\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 17:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-03 17:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-19 16:51 . 2011-07-19 16:51 34064 ----a-w- c:\windows\SysWow64\lhacm.acm
2011-07-16 04:26 . 2011-08-10 17:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-04 20:45 . 2011-07-04 20:20 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-01 11:28 . 2011-07-01 11:28 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-06-11 03:07 . 2011-07-12 20:26 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2011-05-19 18:50 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 06:36 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_10.20.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-19 16:56 . 2011-08-22 11:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-19 16:56 . 2011-08-22 09:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-19 16:56 . 2011-08-22 09:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-19 16:56 . 2011-08-22 11:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-19 16:56 . 2011-08-22 09:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-19 16:56 . 2011-08-22 11:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-19 16:15 . 2011-08-22 11:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-19 16:15 . 2011-08-22 10:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-19 16:15 . 2011-08-22 11:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-19 16:15 . 2011-08-22 10:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-22 10:59 . 2011-08-22 10:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-22 09:44 . 2011-08-22 09:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-22 09:44 . 2011-08-22 09:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-22 10:59 . 2011-08-22 10:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-08-22 10:59 504208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-22 09:44 504208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-23 14:04 . 2011-08-22 10:59 33727656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1694672563-1102797356-4185657622-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ShowBatteryBar"="c:\programy\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"ICQ"="c:\programy\ICQ7.5\ICQ.exe" [2011-08-14 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-05-20 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
R2 ekrn;ESET Service;c:\programy\ESET Smart Security\x86\ekrn.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF3010.cfxxe" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-20 418328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"egui"="c:\programy\ESET Smart Security\egui.exe" [BU]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-03 94720]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-05-21 326760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://eu.ask.com/?l=dis&o=15383
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Luky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default\
FF - prefs.js: browser.search.selectedEngine - Heuréka
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
.
**************************************************************************
.
Celkový čas: 2011-08-22 13:07:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-22 11:07
ComboFix2.txt 2011-08-22 10:22
.
Před spuštěním: Volných bajtů: 376 993 665 024
Po spuštění: Volných bajtů: 376 488 308 736
.
- - End Of File - - 614A22521C65BFE0C9928118DA4A3B1D
-
Danstahr
- Přítel fóra
- Příspěvky: 1069
- Registrován: 28 říj 2006 20:23
- Bydliště: Londýn
- Kontaktovat uživatele:
Re: Další Facebook virus (použit MBAM)
Na stránce http://www.danstahr.tk vložte do okna následující skript a klikněte na tlašítko OK. Stažený soubor spusťte a přidání informace do registru potvrďte.Kód: Vybrat vše
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-Koupím trochu času, cenu respektuji.
Re: Další Facebook virus (použit MBAM)
Zdá se, že už jej vir nevytěžuje, což byla halvní věc, které jsem si všiml (výkon procesoru a jeho následek zahřívání). Po obnově Eset Smart Security už nehlásí hlášku, kterou psal pod vlivem viru, i když v něm, jak sám píše něco nejede správně-To ale bude nejspíš následek odstranění viru, který napadl i jej (tipuju správně?). Jiné změny jsem neregistroval ani předtím, a pouze se můžu na facebooku poptat, jestli někomu rozesílám zprávy ke stražení viru..
Pokud je to vše (nevím?), děkuji mockrát za pomoc, a celkově za vaši trpělivost nad námi, kteří na takovéto hloupé věci skočí..
Pokud je to vše (nevím?), děkuji mockrát za pomoc, a celkově za vaši trpělivost nad námi, kteří na takovéto hloupé věci skočí..
-
Danstahr
- Přítel fóra
- Příspěvky: 1069
- Registrován: 28 říj 2006 20:23
- Bydliště: Londýn
- Kontaktovat uživatele:
Re: Další Facebook virus (použit MBAM)
Ještě mi neutíkejte 
, doklepneme to. Ohledně ESS tipujete správně. Co se týče rozesílání správ, na Facebooku i jinde by bylo lepší změnit hesla.
Přeinstalujte antivir a dejte kontrolní log z RSIT.
, doklepneme to. Ohledně ESS tipujete správně. Co se týče rozesílání správ, na Facebooku i jinde by bylo lepší změnit hesla. Přeinstalujte antivir a dejte kontrolní log z RSIT.Koupím trochu času, cenu respektuji.
Re: Další Facebook virus (použit MBAM)
Tak, chvíli to trvalo, pardon, to to přeinstalování..
Logfile of random's system information tool 1.09 (written by random/random)
Run by Luky at 2011-08-22 13:53:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 359 GB (60%) free of 595 GB
Total RAM: 8099 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:44, on 22.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Programy\ICQ7.5\ICQ.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\Programy\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Luky.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=15383
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Programy\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-21-1694672563-1102797356-4185657622-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1694672563-1102797356-4185657622-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Luky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programy\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programy\ESET Smart Security\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11945 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\WLANExt.exe 17322864
\??\C:\Windows\system32\conhost.exe "1650732374-190408584813037223002086736427-978903381122344304316909565851484706668
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2344
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
taskeng.exe {81A156DF-5C8E-4897-A598-C5410FE73AF2}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe" C:\Users\Luky"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
"C:\Windows\System32\ico.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\DellTPad\HidFind.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "-122264738-2102864772591148506862264027-1357435446-397990109-61951647954567442
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Programy\ICQ7.5\ICQ.exe" silent loginmode=4
C:\Windows\system32\wbem\unsecapp.exe -Embedding
Pelmiced.exe
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding
"C:\Programy\Mozilla Firefox\firefox.exe" http://cz.hit.gemius.pl/hitredir/id=p9C ... t=partneri
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Programy\Mozilla Firefox\plugin-container.exe" --channel=5528.14c4d4c0.818445135 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0 -greomni "C:\Programy\Mozilla Firefox\omni.jar" 5528 "\\.\pipe\gecko-crash-server-pipe.5528" plugin
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Programy\ESET Smart Security\x86\ekrn.exe"
"C:\Programy\ESET Smart Security\egui.exe" /hide
C:\Windows\SysWOW64\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Luky\Desktop\RSITx64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
=========Mozilla firefox=========
ProfilePath - C:\Users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "chrome://speeddial/content/speeddial.xul"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Programy\DivX\DivX Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Programy\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Programy\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Programy\Mozilla Firefox\plugins\
libdivx.dll
np-mswmp.dll
npdeployJava1.dll
npdivx32.dll
npdivx32.xpt
ssldivx.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Programy\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default\searchplugins\
askcom.xml
facebook.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07 49440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-02 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-01-20 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-01-20 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-01-20 418328]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2011-01-05 592240]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2010-11-03 10228224]
"Mouse Suite 98 Daemon"=C:\Windows\system32\ICO.EXE [2008-04-03 94720]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-01-25 525312]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2011-05-21 326760]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30 499608]
"combofix"=C:\ComboFix\CF3010.cfxxe [2010-11-20 345088]
"egui"=C:\Programy\ESET Smart Security\egui.exe [2011-01-12 2918656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"ShowBatteryBar"=C:\Programy\BatteryBar\ShowBatteryBar.exe [2009-05-28 89600]
"ICQ"=C:\Programy\ICQ7.5\ICQ.exe [2011-08-15 124216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-06-06 35736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programy\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Registration]
C:\Program Files (x86)\System Registration\prodreg.exe [2010-08-23 3926528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2010-08-20 487562]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellStage]
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2011-01-25 1802472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [2010-11-17 514544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programy\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [2010-11-25 240112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-05-23 431616]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-06 283160]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [2011-05-20 560128]
"Launcher"=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [2011-01-13 165184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-01-08 384000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 290304]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.inf - install - %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*
======List of files/folders created in the last 1 month======
2011-08-22 13:51:20 ----D---- C:\ProgramData\ESET
2011-08-22 13:07:09 ----A---- C:\ComboFix.txt
2011-08-22 13:03:28 ----SHD---- C:\$RECYCLE.BIN
2011-08-22 12:58:40 ----D---- C:\Windows\temp
2011-08-22 12:54:47 ----D---- C:\ComboFix
2011-08-22 12:14:04 ----A---- C:\Windows\zip.exe
2011-08-22 12:14:04 ----A---- C:\Windows\SWSC.exe
2011-08-22 12:14:04 ----A---- C:\Windows\SWREG.exe
2011-08-22 12:14:04 ----A---- C:\Windows\sed.exe
2011-08-22 12:14:04 ----A---- C:\Windows\PEV.exe
2011-08-22 12:14:04 ----A---- C:\Windows\NIRCMD.exe
2011-08-22 12:14:04 ----A---- C:\Windows\MBR.exe
2011-08-22 12:14:04 ----A---- C:\Windows\grep.exe
2011-08-22 12:14:00 ----D---- C:\Windows\ERDNT
2011-08-22 12:13:57 ----D---- C:\Qoobox
2011-08-22 11:50:20 ----D---- C:\rsit
2011-08-22 11:50:20 ----D---- C:\Program Files\trend micro
2011-08-22 11:38:51 ----D---- C:\Users\Luky\AppData\Roaming\Malwarebytes
2011-08-22 11:29:51 ----D---- C:\ProgramData\Malwarebytes
2011-08-22 11:29:49 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-22 11:14:53 ----A---- C:\Windows\ntbtlog.txt
2011-08-21 23:00:30 ----D---- C:\Users\Luky\AppData\Roaming\Ambient Design
2011-08-18 11:24:58 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-08-18 11:16:51 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2011-08-18 11:13:07 ----D---- C:\Users\Luky\AppData\Roaming\OpenCandy
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-10 19:48:08 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 19:48:03 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-10 19:48:03 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\wow64.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-10 19:48:02 ----A---- C:\Windows\system32\wow64win.dll
2011-08-10 19:48:02 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-10 19:48:02 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 19:48:01 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-10 19:48:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 19:47:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 19:47:54 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 19:47:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-10 19:47:52 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 19:47:50 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 19:47:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-10 19:47:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-10 19:47:44 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 19:47:43 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-10 19:47:43 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 19:47:43 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 19:47:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-10 19:47:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-10 19:47:42 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-10 19:47:42 ----A---- C:\Windows\system32\url.dll
2011-08-10 19:47:42 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 19:47:42 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 19:47:41 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-10 19:47:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-10 19:47:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-10 19:47:41 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 19:46:51 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-10 19:46:50 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 19:46:49 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-09 22:17:06 ----D---- C:\Program Files\Adobe
2011-08-09 22:16:51 ----D---- C:\Program Files\Common Files\Adobe
2011-08-06 00:02:50 ----D---- C:\Users\Luky\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-08-05 12:21:22 ----A---- C:\Windows\SYSWOW64\libmysql_d.dll
2011-08-03 20:00:59 ----A---- C:\Windows\system32\MRT.exe
2011-08-03 19:36:08 ----D---- C:\Windows\system32\SPReview
2011-08-03 19:35:15 ----D---- C:\Windows\system32\EventProviders
2011-08-02 23:33:37 ----D---- C:\ProgramData\Blizzard
2011-08-02 15:32:58 ----D---- C:\Windows\Sun
2011-08-02 15:32:44 ----D---- C:\ProgramData\Sun
2011-08-02 15:32:01 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-08-02 15:32:00 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-08-02 15:32:00 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-08-02 15:32:00 ----A---- C:\Windows\SYSWOW64\java.exe
2011-08-02 15:31:47 ----D---- C:\Program Files (x86)\Java
2011-07-30 14:26:38 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-07-30 14:26:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-07-30 14:26:38 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-07-30 14:26:38 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-07-30 14:26:36 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-07-30 14:26:36 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-07-29 14:28:53 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2011-07-29 14:28:53 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2011-07-29 14:28:53 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-07-29 14:28:53 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-07-29 14:28:52 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2011-07-29 14:28:52 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2011-07-29 14:28:52 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2011-07-29 14:28:52 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-07-29 14:28:52 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-07-29 14:28:52 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-07-29 14:28:50 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-07-29 14:28:50 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-07-29 14:28:50 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-07-29 14:28:50 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-07-29 14:28:48 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-07-29 14:28:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-07-29 14:28:48 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-07-29 14:28:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-07-29 14:13:32 ----D---- C:\Users\Luky\AppData\Roaming\Rovio
======List of files/folders modified in the last 1 month======
2011-08-22 13:52:11 ----SHD---- C:\Windows\Installer
2011-08-22 13:52:11 ----D---- C:\Config.Msi
2011-08-22 13:52:07 ----D---- C:\Windows\system32\drivers
2011-08-22 13:52:07 ----D---- C:\Windows\system32\catroot
2011-08-22 13:52:06 ----D---- C:\Windows\system32\DriverStore
2011-08-22 13:52:06 ----D---- C:\Windows\inf
2011-08-22 13:51:20 ----D---- C:\Programy
2011-08-22 13:51:20 ----D---- C:\ProgramData
2011-08-22 13:51:10 ----SHD---- C:\System Volume Information
2011-08-22 13:47:35 ----D---- C:\Windows\system32\config
2011-08-22 13:46:18 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-22 13:45:13 ----D---- C:\Users\Luky\AppData\Roaming\ICQ
2011-08-22 13:44:23 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup
2011-08-22 13:44:01 ----D---- C:\ProgramData\NVIDIA
2011-08-22 13:43:10 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-22 13:42:51 ----AD---- C:\Windows\System32
2011-08-22 13:42:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-22 13:03:18 ----AD---- C:\Windows
2011-08-22 13:03:18 ----A---- C:\Windows\system.ini
2011-08-22 13:03:13 ----D---- C:\Windows\system32\drivers\etc
2011-08-22 12:58:30 ----D---- C:\Windows\Tasks
2011-08-22 12:57:06 ----D---- C:\Windows\SysWOW64
2011-08-22 12:57:06 ----D---- C:\Windows\AppPatch
2011-08-22 12:57:04 ----D---- C:\Program Files\Common Files
2011-08-22 12:57:04 ----D---- C:\Program Files (x86)\Common Files
2011-08-22 12:14:58 ----D---- C:\Windows\system32\catroot2
2011-08-22 11:55:45 ----D---- C:\Windows\Logs
2011-08-22 11:50:20 ----RD---- C:\Program Files
2011-08-22 11:23:48 ----D---- C:\ProgramData\Sonic
2011-08-21 21:47:31 ----D---- C:\Users\Luky\AppData\Roaming\Skype
2011-08-21 14:19:51 ----D---- C:\Windows\Prefetch
2011-08-18 12:41:54 ----RD---- C:\Users
2011-08-18 11:30:36 ----D---- C:\Hry
2011-08-18 11:24:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-18 11:16:51 ----RD---- C:\Program Files (x86)
2011-08-18 11:14:29 ----D---- C:\Windows\system32\Tasks
2011-08-18 11:13:29 ----D---- C:\Users\Luky\AppData\Roaming\uTorrent
2011-08-16 21:31:04 ----RD---- C:\Program Files (x86)\Skype
2011-08-16 21:31:02 ----D---- C:\ProgramData\Skype
2011-08-16 21:30:41 ----D---- C:\Users\Luky\AppData\Roaming\skypePM
2011-08-14 23:39:30 ----D---- C:\ProgramData\PCDr
2011-08-14 22:35:13 ----D---- C:\Users\Luky\AppData\Roaming\Adobe
2011-08-11 16:19:43 ----D---- C:\Windows\Microsoft.NET
2011-08-11 16:19:40 ----RSD---- C:\Windows\assembly
2011-08-11 10:50:51 ----D---- C:\Windows\winsxs
2011-08-11 10:38:18 ----D---- C:\Windows\SYSWOW64\migration
2011-08-11 10:38:18 ----D---- C:\Windows\system32\migration
2011-08-11 10:38:18 ----D---- C:\Program Files\Internet Explorer
2011-08-11 10:38:18 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-09 22:19:07 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-08-09 22:17:46 ----D---- C:\Program Files (x86)\Adobe
2011-08-09 22:17:33 ----RSD---- C:\Windows\Fonts
2011-08-09 22:16:28 ----D---- C:\ProgramData\Adobe
2011-08-08 11:22:02 ----D---- C:\Program Files (x86)\Google
2011-08-08 01:00:15 ----D---- C:\ProgramData\Microsoft Help
2011-08-04 13:11:48 ----D---- C:\Users\Luky\AppData\Roaming\Audacity
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Sidebar
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Portable Devices
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Media Player
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Mail
2011-08-03 21:33:13 ----D---- C:\Program Files\DVD Maker
2011-08-03 21:33:12 ----D---- C:\Program Files\Windows Photo Viewer
2011-08-03 21:33:12 ----D---- C:\Program Files\Windows Journal
2011-08-03 21:33:11 ----D---- C:\Windows\servicing
2011-08-03 21:33:11 ----D---- C:\Program Files\Windows Defender
2011-08-03 21:33:10 ----D---- C:\Windows\ehome
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\Setup
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\oobe
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\da-DK
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\cs
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-08-03 21:33:02 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-03 21:33:01 ----D---- C:\Windows\SYSWOW64\sppui
2011-08-03 21:33:01 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-08-03 21:33:01 ----D---- C:\Windows\SYSWOW64\es-ES
2011-08-03 21:32:56 ----D---- C:\Windows\SYSWOW64\wbem
2011-08-03 21:32:55 ----D---- C:\Windows\SYSWOW64\migwiz
2011-08-03 21:32:55 ----D---- C:\Windows\SYSWOW64\Dism
2011-08-03 21:32:52 ----D---- C:\Windows\system32\wbem
2011-08-03 21:32:52 ----D---- C:\Windows\system32\sppui
2011-08-03 21:32:52 ----D---- C:\Windows\system32\Setup
2011-08-03 21:32:52 ----D---- C:\Windows\system32\migwiz
2011-08-03 21:32:52 ----D---- C:\Windows\system32\manifeststore
2011-08-03 21:32:52 ----D---- C:\Windows\system32\es-ES
2011-08-03 21:32:52 ----D---- C:\Windows\system32\en-US
2011-08-03 21:32:52 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-08-03 21:32:52 ----D---- C:\Windows\system32\Dism
2011-08-03 21:32:52 ----D---- C:\Windows\system32\da-DK
2011-08-03 21:32:52 ----D---- C:\Windows\system32\cs-CZ
2011-08-03 21:32:52 ----D---- C:\Windows\system32\cs
2011-08-03 21:32:52 ----D---- C:\Windows\system32\AdvancedInstallers
2011-08-03 21:32:52 ----D---- C:\Windows\PolicyDefinitions
2011-08-03 21:32:52 ----AD---- C:\Windows\system32\oobe
2011-08-03 20:23:23 ----D---- C:\Windows\system32\Boot
2011-08-03 20:01:01 ----D---- C:\Windows\debug
2011-08-03 20:00:52 ----D---- C:\Program Files (x86)\Microsoft Office
2011-08-03 19:56:00 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-08-03 19:56:00 ----A---- C:\Windows\system32\msclmd.dll
2011-08-03 12:52:20 ----D---- C:\ProgramData\Blizzard Entertainment
2011-07-29 14:28:54 ----D---- C:\Windows\SYSWOW64\directx
2011-07-29 14:28:42 ----HD---- C:\Windows\msdownld.tmp
2011-07-28 15:02:11 ----D---- C:\Program Files\Dell Support Center
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-07 438808]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-05-21 27240]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2010-12-18 25280]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-18 526392]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 170640]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-12-04 316024]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2010-10-20 274432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-18 270912]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 34144]
R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-01-08 12262688]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 pelmouse;Mouse Suite Driver; C:\Windows\system32\DRIVERS\pelmouse.sys [2008-01-19 35840]
R3 pelusblf;USB Mouse Low Filter Driver; C:\Windows\system32\DRIVERS\pelusblf.sys [2008-06-03 27648]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-01-25 520192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
S3 a9wgf5q3;a9wgf5q3; C:\Windows\system32\drivers\a9wgf5q3.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-10-30 250984]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
R2 ekrn;ESET Service; C:\Programy\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-06 325656]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 PCSUService;PC Speed Up Service; C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2011-01-25 296448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
S2 RoxWatch12;Roxio Hard Drive Watcher 12; c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 EhttpSrv;ESET HTTP Server; C:\Programy\ESET Smart Security\EHttpSrv.exe [2011-01-12 42360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM; c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-11-09 74392]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Luky at 2011-08-22 13:53:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 359 GB (60%) free of 595 GB
Total RAM: 8099 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:44, on 22.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Programy\ICQ7.5\ICQ.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\Programy\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Luky.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=15383
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Programy\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-21-1694672563-1102797356-4185657622-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1694672563-1102797356-4185657622-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programy\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Luky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{189749BF-EBAF-4F61-B1D7-122FF671D1E0}: NameServer = 0.0.0.0
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programy\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programy\ESET Smart Security\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11945 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\WLANExt.exe 17322864
\??\C:\Windows\system32\conhost.exe "1650732374-190408584813037223002086736427-978903381122344304316909565851484706668
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2344
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
taskeng.exe {81A156DF-5C8E-4897-A598-C5410FE73AF2}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe" C:\Users\Luky"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
"C:\Windows\System32\ico.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\DellTPad\HidFind.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "-122264738-2102864772591148506862264027-1357435446-397990109-61951647954567442
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Programy\ICQ7.5\ICQ.exe" silent loginmode=4
C:\Windows\system32\wbem\unsecapp.exe -Embedding
Pelmiced.exe
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding
"C:\Programy\Mozilla Firefox\firefox.exe" http://cz.hit.gemius.pl/hitredir/id=p9C ... t=partneri
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Programy\Mozilla Firefox\plugin-container.exe" --channel=5528.14c4d4c0.818445135 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0 -greomni "C:\Programy\Mozilla Firefox\omni.jar" 5528 "\\.\pipe\gecko-crash-server-pipe.5528" plugin
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Programy\ESET Smart Security\x86\ekrn.exe"
"C:\Programy\ESET Smart Security\egui.exe" /hide
C:\Windows\SysWOW64\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Luky\Desktop\RSITx64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
=========Mozilla firefox=========
ProfilePath - C:\Users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "chrome://speeddial/content/speeddial.xul"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Programy\DivX\DivX Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Programy\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Programy\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Programy\Mozilla Firefox\plugins\
libdivx.dll
np-mswmp.dll
npdeployJava1.dll
npdivx32.dll
npdivx32.xpt
ssldivx.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Programy\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Luky\AppData\Roaming\Mozilla\Firefox\Profiles\cqkvx92k.default\searchplugins\
askcom.xml
facebook.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07 49440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-02 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-01-20 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-01-20 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-01-20 418328]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2011-01-05 592240]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2010-11-03 10228224]
"Mouse Suite 98 Daemon"=C:\Windows\system32\ICO.EXE [2008-04-03 94720]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-01-25 525312]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2011-05-21 326760]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30 499608]
"combofix"=C:\ComboFix\CF3010.cfxxe [2010-11-20 345088]
"egui"=C:\Programy\ESET Smart Security\egui.exe [2011-01-12 2918656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"ShowBatteryBar"=C:\Programy\BatteryBar\ShowBatteryBar.exe [2009-05-28 89600]
"ICQ"=C:\Programy\ICQ7.5\ICQ.exe [2011-08-15 124216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-06-06 35736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programy\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Registration]
C:\Program Files (x86)\System Registration\prodreg.exe [2010-08-23 3926528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2010-08-20 487562]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellStage]
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2011-01-25 1802472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [2010-11-17 514544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programy\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [2010-11-25 240112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-05-23 431616]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-06 283160]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [2011-05-20 560128]
"Launcher"=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [2011-01-13 165184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-01-08 384000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 290304]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.inf - install - %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*
======List of files/folders created in the last 1 month======
2011-08-22 13:51:20 ----D---- C:\ProgramData\ESET
2011-08-22 13:07:09 ----A---- C:\ComboFix.txt
2011-08-22 13:03:28 ----SHD---- C:\$RECYCLE.BIN
2011-08-22 12:58:40 ----D---- C:\Windows\temp
2011-08-22 12:54:47 ----D---- C:\ComboFix
2011-08-22 12:14:04 ----A---- C:\Windows\zip.exe
2011-08-22 12:14:04 ----A---- C:\Windows\SWSC.exe
2011-08-22 12:14:04 ----A---- C:\Windows\SWREG.exe
2011-08-22 12:14:04 ----A---- C:\Windows\sed.exe
2011-08-22 12:14:04 ----A---- C:\Windows\PEV.exe
2011-08-22 12:14:04 ----A---- C:\Windows\NIRCMD.exe
2011-08-22 12:14:04 ----A---- C:\Windows\MBR.exe
2011-08-22 12:14:04 ----A---- C:\Windows\grep.exe
2011-08-22 12:14:00 ----D---- C:\Windows\ERDNT
2011-08-22 12:13:57 ----D---- C:\Qoobox
2011-08-22 11:50:20 ----D---- C:\rsit
2011-08-22 11:50:20 ----D---- C:\Program Files\trend micro
2011-08-22 11:38:51 ----D---- C:\Users\Luky\AppData\Roaming\Malwarebytes
2011-08-22 11:29:51 ----D---- C:\ProgramData\Malwarebytes
2011-08-22 11:29:49 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-22 11:14:53 ----A---- C:\Windows\ntbtlog.txt
2011-08-21 23:00:30 ----D---- C:\Users\Luky\AppData\Roaming\Ambient Design
2011-08-18 11:24:58 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-08-18 11:16:51 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2011-08-18 11:13:07 ----D---- C:\Users\Luky\AppData\Roaming\OpenCandy
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 19:48:10 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-10 19:48:09 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-10 19:48:08 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 19:48:03 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-10 19:48:03 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\wow64.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 19:48:03 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 19:48:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-10 19:48:02 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-10 19:48:02 ----A---- C:\Windows\system32\wow64win.dll
2011-08-10 19:48:02 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-10 19:48:02 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 19:48:01 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 19:48:01 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-10 19:48:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 19:48:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 19:47:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 19:47:54 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 19:47:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-10 19:47:52 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 19:47:50 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 19:47:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-10 19:47:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-10 19:47:44 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 19:47:43 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-10 19:47:43 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 19:47:43 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 19:47:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-10 19:47:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-10 19:47:42 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-10 19:47:42 ----A---- C:\Windows\system32\url.dll
2011-08-10 19:47:42 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 19:47:42 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 19:47:41 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-10 19:47:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-10 19:47:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-10 19:47:41 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 19:46:51 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-10 19:46:50 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 19:46:49 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-09 22:17:06 ----D---- C:\Program Files\Adobe
2011-08-09 22:16:51 ----D---- C:\Program Files\Common Files\Adobe
2011-08-06 00:02:50 ----D---- C:\Users\Luky\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-08-05 12:21:22 ----A---- C:\Windows\SYSWOW64\libmysql_d.dll
2011-08-03 20:00:59 ----A---- C:\Windows\system32\MRT.exe
2011-08-03 19:36:08 ----D---- C:\Windows\system32\SPReview
2011-08-03 19:35:15 ----D---- C:\Windows\system32\EventProviders
2011-08-02 23:33:37 ----D---- C:\ProgramData\Blizzard
2011-08-02 15:32:58 ----D---- C:\Windows\Sun
2011-08-02 15:32:44 ----D---- C:\ProgramData\Sun
2011-08-02 15:32:01 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-08-02 15:32:00 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-08-02 15:32:00 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-08-02 15:32:00 ----A---- C:\Windows\SYSWOW64\java.exe
2011-08-02 15:31:47 ----D---- C:\Program Files (x86)\Java
2011-07-30 14:26:38 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-07-30 14:26:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-07-30 14:26:38 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-07-30 14:26:38 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-07-30 14:26:36 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-07-30 14:26:36 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-07-29 14:28:53 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2011-07-29 14:28:53 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2011-07-29 14:28:53 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-07-29 14:28:53 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-07-29 14:28:52 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2011-07-29 14:28:52 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2011-07-29 14:28:52 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2011-07-29 14:28:52 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-07-29 14:28:52 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-07-29 14:28:52 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-07-29 14:28:51 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-07-29 14:28:50 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-07-29 14:28:50 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-07-29 14:28:50 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-07-29 14:28:50 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-07-29 14:28:48 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-07-29 14:28:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-07-29 14:28:48 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-07-29 14:28:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-07-29 14:13:32 ----D---- C:\Users\Luky\AppData\Roaming\Rovio
======List of files/folders modified in the last 1 month======
2011-08-22 13:52:11 ----SHD---- C:\Windows\Installer
2011-08-22 13:52:11 ----D---- C:\Config.Msi
2011-08-22 13:52:07 ----D---- C:\Windows\system32\drivers
2011-08-22 13:52:07 ----D---- C:\Windows\system32\catroot
2011-08-22 13:52:06 ----D---- C:\Windows\system32\DriverStore
2011-08-22 13:52:06 ----D---- C:\Windows\inf
2011-08-22 13:51:20 ----D---- C:\Programy
2011-08-22 13:51:20 ----D---- C:\ProgramData
2011-08-22 13:51:10 ----SHD---- C:\System Volume Information
2011-08-22 13:47:35 ----D---- C:\Windows\system32\config
2011-08-22 13:46:18 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-22 13:45:13 ----D---- C:\Users\Luky\AppData\Roaming\ICQ
2011-08-22 13:44:23 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup
2011-08-22 13:44:01 ----D---- C:\ProgramData\NVIDIA
2011-08-22 13:43:10 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-22 13:42:51 ----AD---- C:\Windows\System32
2011-08-22 13:42:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-22 13:03:18 ----AD---- C:\Windows
2011-08-22 13:03:18 ----A---- C:\Windows\system.ini
2011-08-22 13:03:13 ----D---- C:\Windows\system32\drivers\etc
2011-08-22 12:58:30 ----D---- C:\Windows\Tasks
2011-08-22 12:57:06 ----D---- C:\Windows\SysWOW64
2011-08-22 12:57:06 ----D---- C:\Windows\AppPatch
2011-08-22 12:57:04 ----D---- C:\Program Files\Common Files
2011-08-22 12:57:04 ----D---- C:\Program Files (x86)\Common Files
2011-08-22 12:14:58 ----D---- C:\Windows\system32\catroot2
2011-08-22 11:55:45 ----D---- C:\Windows\Logs
2011-08-22 11:50:20 ----RD---- C:\Program Files
2011-08-22 11:23:48 ----D---- C:\ProgramData\Sonic
2011-08-21 21:47:31 ----D---- C:\Users\Luky\AppData\Roaming\Skype
2011-08-21 14:19:51 ----D---- C:\Windows\Prefetch
2011-08-18 12:41:54 ----RD---- C:\Users
2011-08-18 11:30:36 ----D---- C:\Hry
2011-08-18 11:24:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-18 11:16:51 ----RD---- C:\Program Files (x86)
2011-08-18 11:14:29 ----D---- C:\Windows\system32\Tasks
2011-08-18 11:13:29 ----D---- C:\Users\Luky\AppData\Roaming\uTorrent
2011-08-16 21:31:04 ----RD---- C:\Program Files (x86)\Skype
2011-08-16 21:31:02 ----D---- C:\ProgramData\Skype
2011-08-16 21:30:41 ----D---- C:\Users\Luky\AppData\Roaming\skypePM
2011-08-14 23:39:30 ----D---- C:\ProgramData\PCDr
2011-08-14 22:35:13 ----D---- C:\Users\Luky\AppData\Roaming\Adobe
2011-08-11 16:19:43 ----D---- C:\Windows\Microsoft.NET
2011-08-11 16:19:40 ----RSD---- C:\Windows\assembly
2011-08-11 10:50:51 ----D---- C:\Windows\winsxs
2011-08-11 10:38:18 ----D---- C:\Windows\SYSWOW64\migration
2011-08-11 10:38:18 ----D---- C:\Windows\system32\migration
2011-08-11 10:38:18 ----D---- C:\Program Files\Internet Explorer
2011-08-11 10:38:18 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-09 22:19:07 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-08-09 22:17:46 ----D---- C:\Program Files (x86)\Adobe
2011-08-09 22:17:33 ----RSD---- C:\Windows\Fonts
2011-08-09 22:16:28 ----D---- C:\ProgramData\Adobe
2011-08-08 11:22:02 ----D---- C:\Program Files (x86)\Google
2011-08-08 01:00:15 ----D---- C:\ProgramData\Microsoft Help
2011-08-04 13:11:48 ----D---- C:\Users\Luky\AppData\Roaming\Audacity
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-03 21:33:15 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Sidebar
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Portable Devices
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Media Player
2011-08-03 21:33:13 ----D---- C:\Program Files\Windows Mail
2011-08-03 21:33:13 ----D---- C:\Program Files\DVD Maker
2011-08-03 21:33:12 ----D---- C:\Program Files\Windows Photo Viewer
2011-08-03 21:33:12 ----D---- C:\Program Files\Windows Journal
2011-08-03 21:33:11 ----D---- C:\Windows\servicing
2011-08-03 21:33:11 ----D---- C:\Program Files\Windows Defender
2011-08-03 21:33:10 ----D---- C:\Windows\ehome
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\Setup
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\oobe
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\da-DK
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\cs
2011-08-03 21:33:03 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-08-03 21:33:02 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-03 21:33:01 ----D---- C:\Windows\SYSWOW64\sppui
2011-08-03 21:33:01 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-08-03 21:33:01 ----D---- C:\Windows\SYSWOW64\es-ES
2011-08-03 21:32:56 ----D---- C:\Windows\SYSWOW64\wbem
2011-08-03 21:32:55 ----D---- C:\Windows\SYSWOW64\migwiz
2011-08-03 21:32:55 ----D---- C:\Windows\SYSWOW64\Dism
2011-08-03 21:32:52 ----D---- C:\Windows\system32\wbem
2011-08-03 21:32:52 ----D---- C:\Windows\system32\sppui
2011-08-03 21:32:52 ----D---- C:\Windows\system32\Setup
2011-08-03 21:32:52 ----D---- C:\Windows\system32\migwiz
2011-08-03 21:32:52 ----D---- C:\Windows\system32\manifeststore
2011-08-03 21:32:52 ----D---- C:\Windows\system32\es-ES
2011-08-03 21:32:52 ----D---- C:\Windows\system32\en-US
2011-08-03 21:32:52 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-08-03 21:32:52 ----D---- C:\Windows\system32\Dism
2011-08-03 21:32:52 ----D---- C:\Windows\system32\da-DK
2011-08-03 21:32:52 ----D---- C:\Windows\system32\cs-CZ
2011-08-03 21:32:52 ----D---- C:\Windows\system32\cs
2011-08-03 21:32:52 ----D---- C:\Windows\system32\AdvancedInstallers
2011-08-03 21:32:52 ----D---- C:\Windows\PolicyDefinitions
2011-08-03 21:32:52 ----AD---- C:\Windows\system32\oobe
2011-08-03 20:23:23 ----D---- C:\Windows\system32\Boot
2011-08-03 20:01:01 ----D---- C:\Windows\debug
2011-08-03 20:00:52 ----D---- C:\Program Files (x86)\Microsoft Office
2011-08-03 19:56:00 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-08-03 19:56:00 ----A---- C:\Windows\system32\msclmd.dll
2011-08-03 12:52:20 ----D---- C:\ProgramData\Blizzard Entertainment
2011-07-29 14:28:54 ----D---- C:\Windows\SYSWOW64\directx
2011-07-29 14:28:42 ----HD---- C:\Windows\msdownld.tmp
2011-07-28 15:02:11 ----D---- C:\Program Files\Dell Support Center
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-07 438808]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-05-21 27240]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2010-12-18 25280]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-18 526392]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 170640]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-12-04 316024]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2010-10-20 274432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-18 270912]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 34144]
R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-01-08 12262688]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 pelmouse;Mouse Suite Driver; C:\Windows\system32\DRIVERS\pelmouse.sys [2008-01-19 35840]
R3 pelusblf;USB Mouse Low Filter Driver; C:\Windows\system32\DRIVERS\pelusblf.sys [2008-06-03 27648]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-01-25 520192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
S3 a9wgf5q3;a9wgf5q3; C:\Windows\system32\drivers\a9wgf5q3.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-10-30 250984]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
R2 ekrn;ESET Service; C:\Programy\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-06 325656]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 PCSUService;PC Speed Up Service; C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2011-01-25 296448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
S2 RoxWatch12;Roxio Hard Drive Watcher 12; c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 EhttpSrv;ESET HTTP Server; C:\Programy\ESET Smart Security\EHttpSrv.exe [2011-01-12 42360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM; c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-11-09 74392]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
-
Danstahr
- Přítel fóra
- Příspěvky: 1069
- Registrován: 28 říj 2006 20:23
- Bydliště: Londýn
- Kontaktovat uživatele:
Re: Další Facebook virus (použit MBAM)
Ještě drobnosti a úklid :
Spusťte znovu HijackThis (najdete jej ve svém počítači jako C:\Program Files\trend micro\Luky.exe), z nabídky vyberte Do a system scan only. Po provedení skenu u následujících položek zaškrtněte políčko vlevo a klikněte na Fix Checked.
Odinstalujte MBAM.
Stiskněte současně klávesy Win (mezi CTRL a ALT, logo Windows) + R, do okna napište combofix /uninstall a stiskněte ENTER.
Stáhněte T-Cleaner. Potvrzování se provádí stisknutím A.
Stáhněte OTC, Spusťte jej a stiskněte CleanUp! Bude následovat restart.
Stáhněte TFC, spusťte jej a dejte Start.
Stáhněte CCleaner, nainstalujte a spusťte.
Spusťte znovu HijackThis (najdete jej ve svém počítači jako C:\Program Files\trend micro\Luky.exe), z nabídky vyberte Do a system scan only. Po provedení skenu u následujících položek zaškrtněte políčko vlevo a klikněte na Fix Checked.R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=15383
R3 - URLSearchHook: (no name) - - (no file)
Odinstalujte MBAM. Stiskněte současně klávesy Win (mezi CTRL a ALT, logo Windows) + R, do okna napište combofix /uninstall a stiskněte ENTER. Stáhněte T-Cleaner. Potvrzování se provádí stisknutím A. Stáhněte OTC, Spusťte jej a stiskněte CleanUp! Bude následovat restart. Stáhněte TFC, spusťte jej a dejte Start. Stáhněte CCleaner, nainstalujte a spusťte.
- Na záložce Čistič stiskněte tlačítko Spustit Cleaner
- Po provedení přepněte na záložku Registry, stiskněte Hledej problémy a poté Opravit vybrané problémy. Opakujte, dokud nebude po hledání problémů seznam prázdný.
Koupím trochu času, cenu respektuji.
Re: Další Facebook virus (použit MBAM)
Tak, vykonáno, snad v pořádku.. Tohle už vypadá jako dokleplé? Děkuju mockrát za pomoc. 
. Není zač!
Přispějete na provoz fóra?