Please check my log

#1 Post by kub4

I'm getting double-clicks on my mouse and I can't get rid of it at all; Spybot, SpyHunter and Spyware Terminator aren't helping :-(

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kuba at 2011-10-28 10:27:27
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 18 GB (9%) free of 205 GB
Total RAM: 4095 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:33, on 28.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Razer\Habu\razerhid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Habu\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Kuba\AppData\Local\Temp\mexe.com
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Heroes of Newerth\hon.exe
C:\Program Files\trend micro\Kuba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Habu] C:\Program Files (x86)\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2579993915-1778773906-1672663343-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2579993915-1778773906-1672663343-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12323 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
C:\Windows\SysWOW64\IoctlSvc.exe
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2356
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
"C:\Windows\RAVCpl64.exe"
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Razer\Habu\razerhid.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Razer\Habu\razerofa.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3096.1a74b990.577895862 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.7.0.1 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 3096 "\\.\pipe\gecko-crash-server-pipe.3096" plugin
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Users\Kuba\AppData\Local\Temp\mexe.com"
notepad.exe C:\Users\Kuba\AppData\Local\Temp\MWAV.LOG
notepad.exe C:\Users\Kuba\AppData\Local\Temp\MWAV.LOG
"C:\Program Files (x86)\Heroes of Newerth\hon.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe116_ Global\UsGthrCtrlFltPipeMssGthrPipe116 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Kuba\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579993915-1778773906-1672663343-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579993915-1778773906-1672663343-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\9zkmx3cq.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/ig?hl=cs&source=iglk"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\9zkmx3cq.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-05-28 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll []
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-07-08 9048392]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2007-04-23 5071360]
"Skytel"=C:\Windows\Skytel.exe [2007-04-13 1822720]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-07-27 3037696]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-07-19 3077528]
"Google Update"=C:\Users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 136176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-09-06 3722416]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 336384]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-07-05 421888]
"Habu"=C:\Program Files (x86)\Razer\Habu\razerhid.exe [2009-08-18 239616]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-10-09 421736]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-10-28 10:27:27 ----D---- C:\rsit
2011-10-28 10:27:27 ----D---- C:\Program Files\trend micro
2011-10-28 09:14:55 ----AD---- C:\Windows\rundll16.exe
2011-10-28 09:14:55 ----AD---- C:\Windows\logo1_.exe
2011-10-27 19:52:45 ----D---- C:\Program Files (x86)\Enigma Software Group
2011-10-27 19:52:13 ----D---- C:\Windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-27 19:42:48 ----N---- C:\autoexec.bat
2011-10-27 19:42:27 ----D---- C:\sh4ldr
2011-10-27 19:42:27 ----D---- C:\Program Files\Enigma Software Group
2011-10-27 19:41:48 ----D---- C:\Windows\89A072791DB3485AB1DF584DF86774B9.TMP
2011-10-26 17:17:23 ----D---- C:\Program Files (x86)\Heroes of Newerth
2011-10-26 17:15:18 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-26 17:15:18 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-26 17:15:18 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-26 11:03:13 ----AD---- C:\Windows\VDLL.DLL
2011-10-26 11:03:13 ----AD---- C:\Windows\SYSWOW64\runouce.exe
2011-10-26 11:03:13 ----AD---- C:\Windows\RUNDL132.EXE
2011-10-26 11:03:13 ----AD---- C:\Windows\logo_1.exe
2011-10-26 10:47:46 ----A---- C:\Windows\SYSWOW64\msvcr80.dll
2011-10-26 10:47:45 ----A---- C:\Windows\SYSWOW64\msvcp80.dll
2011-10-26 10:47:44 ----A---- C:\Windows\SYSWOW64\eEmpty.exe
2011-10-26 10:47:26 ----D---- C:\ProgramData\MicroWorld
2011-10-12 21:30:20 ----A---- C:\Windows\SYSWOW64\GEARAspi.dll
2011-10-12 21:30:20 ----A---- C:\Windows\system32\GEARAspi64.dll
2011-10-12 21:30:20 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2011-10-12 21:29:50 ----D---- C:\Program Files\iPod
2011-10-12 21:29:49 ----D---- C:\Program Files\iTunes
2011-10-12 21:29:49 ----D---- C:\Program Files (x86)\iTunes
2011-10-12 18:15:26 ----D---- C:\Program Files\Bonjour
2011-10-12 18:15:26 ----D---- C:\Program Files (x86)\Bonjour
2011-10-11 20:36:09 ----A---- C:\Windows\system32\win32k.sys
2011-10-11 20:36:06 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-11 20:36:06 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-11 20:35:31 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-11 20:35:31 ----A---- C:\Windows\system32\oleacc.dll
2011-10-11 20:35:30 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-11 20:35:30 ----A---- C:\Windows\system32\oleaut32.dll

======List of files/folders modified in the last 1 month======

2011-10-28 10:27:33 ----D---- C:\Windows\Temp
2011-10-28 10:27:27 ----RD---- C:\Program Files
2011-10-28 09:42:37 ----HD---- C:\ProgramData
2011-10-28 09:14:55 ----D---- C:\Windows
2011-10-27 23:27:40 ----D---- C:\Windows\system32\config
2011-10-27 22:40:20 ----D---- C:\Windows\Tasks
2011-10-27 22:40:20 ----D---- C:\Windows\system32\wfp
2011-10-27 22:40:20 ----D---- C:\Windows\system32\DriverStore
2011-10-27 22:40:20 ----D---- C:\Windows\system32\drivers\etc
2011-10-27 22:40:20 ----D---- C:\Windows\system32\catroot2
2011-10-27 22:40:20 ----D---- C:\Windows\System32
2011-10-27 22:40:20 ----D---- C:\Windows\inf
2011-10-27 22:40:15 ----D---- C:\Users\Kuba\AppData\Roaming\vlc
2011-10-27 22:40:15 ----D---- C:\Users\Kuba\AppData\Roaming\Razer
2011-10-27 22:40:15 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-10-27 22:40:15 ----D---- C:\ProgramData\PMB Files
2011-10-27 22:40:05 ----D---- C:\Windows\system32\wbem
2011-10-27 22:40:05 ----D---- C:\Windows\registration
2011-10-27 22:39:06 ----SD---- C:\Users\Kuba\AppData\Roaming\Microsoft
2011-10-27 22:38:56 ----RD---- C:\Program Files (x86)
2011-10-27 22:38:20 ----SHD---- C:\System Volume Information
2011-10-27 21:58:34 ----D---- C:\Users\Kuba\AppData\Roaming\Spyware Terminator
2011-10-27 21:44:01 ----D---- C:\Windows\Prefetch
2011-10-27 21:41:50 ----D---- C:\ProgramData\NVIDIA
2011-10-27 19:51:09 ----SHD---- C:\Windows\Installer
2011-10-27 19:51:08 ----D---- C:\Windows\system32\Tasks
2011-10-27 19:51:07 ----SHD---- C:\Config.Msi
2011-10-27 19:48:42 ----D---- C:\ProgramData\Apple Computer
2011-10-27 19:41:43 ----D---- C:\Program Files (x86)\Common Files
2011-10-27 14:23:44 ----D---- C:\Users\Kuba\AppData\Roaming\Azureus
2011-10-27 13:56:12 ----D---- C:\ProgramData\Spyware Terminator
2011-10-27 03:00:52 ----D---- C:\Windows\winsxs
2011-10-26 17:15:18 ----D---- C:\Windows\SysWOW64
2011-10-26 17:14:51 ----D---- C:\Program Files (x86)\Java
2011-10-26 10:05:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-26 08:50:57 ----D---- C:\Windows\system32\catroot
2011-10-20 21:11:35 ----D---- C:\Windows\system32\FxsTmp
2011-10-20 14:13:12 ----D---- C:\Users\Kuba\AppData\Roaming\Canon
2011-10-13 21:17:35 ----D---- C:\Windows\system32\NDF
2011-10-12 23:27:31 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-10-12 21:30:20 ----DC---- C:\Windows\system32\DRVSTORE
2011-10-12 21:30:20 ----D---- C:\Windows\system32\drivers
2011-10-12 03:37:22 ----D---- C:\Windows\Microsoft.NET
2011-10-12 03:36:58 ----RSD---- C:\Windows\assembly
2011-10-12 03:22:24 ----D---- C:\Windows\ehome
2011-10-12 03:04:52 ----A---- C:\Windows\system32\MRT.exe
2011-10-03 17:33:08 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-10-03 05:06:03 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-31 834544]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-07-29 13368]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 601944]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 301912]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 58200]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-07-08 252344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-07-08 41712]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-07-08 92688]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-29 9980416]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér; C:\Windows\system32\DRIVERS\l160x64.sys [2009-06-25 58368]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-07 231440]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HabuFltr;Habu Mouse; C:\Windows\system32\drivers\habu.sys [2009-08-07 13824]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2007-04-23 1072928]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2010-07-29 15416]
S2 ASInsHelp;ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys []
S3 azfegi4y;azfegi4y; C:\Windows\system32\drivers\azfegi4y.sys []
S3 cpuz132;cpuz132; \??\C:\Users\Kuba\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-13 48488]
S3 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-28 204288]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-07-29 90112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-09-06 44768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-07-08 2528096]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-25 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-07-27 488960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 934760]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1255736]

-----------------EOF-----------------

kub4
Visitor
Posts: 10
Registered: 05 May 2007 07:41

Re: Please check my log

#2 Post by kub4 »

Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Smart Antivirus 2010 Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Smart Antivirus 2010 Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Popcornnet/movieland Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ace Club Casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Fix Tool Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Fix Tool Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Fix Tool Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Lsas.Trojan-Spy.DOS.Keycopy Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "SecureExpertCleaner Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "My Web Search Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\vsavb7rt.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.enterpriseservices.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.configuration.install.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.vsa.vb.codedomprocessor.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\wminet_utils.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.jscript.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\diasymreader.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\iehost.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.data.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".11". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".1132". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".2011-04". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".Addic7ed". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".b5t". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".b6t". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".bik". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".BIO". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".bsa". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".bwt". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ccd". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ccf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cdi". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cdr". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cgi". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".co". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".conf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dlc". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dmg". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".DVD9-ETM". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".esp". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".f4v". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".hrf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".isz". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".itc2". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jsp". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mobi". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".okm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".part". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pdi". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".php". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".php?id=185&session=NjM3MzQwOTA0MDk=&stream=play". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rnd". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rsdf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sfv". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sub". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".THM". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".x-1631-x86-Win-enGB-tools-component-dl". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".x264-2HD". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".x264-CTU". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".X264-DIMENSION". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".x264-IMMERSE". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".z01". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".z02". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".z03". Provedené akce: Ponecháno, neodstraněno!.

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#3 Post by Roli »

Hello, fix this in HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\qipsearchb
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe" /c


You will find HJT here:

C:\Program Files\trend micro\Kuba.exe

Fix means that you run HJT as admin,

in the window that opens, you click Do a system scan only,

in the next window, you find the lines I listed for you,

next to each of them is a small box that you tick,

then you click Fix checked at the bottom left,

the program asks whether you are sure; you of course agree with YES, and it is done.


Via Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the service:

Nero BackItUp Scheduler 3

NMIndexingService - Nero AG

NVIDIA Update Service Daemon


right-click it, choose Properties, on the next tab first stop the service with the Stop button, and under Startup type choose Disabled.


Via Uninstall a program, uninstall Spybot SD, which is already past its prime.


Delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


I hope you have only the firewall enabled from COMODO Internet Security?
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:
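
A follow-up log is the usual way to confirm that the entries marked for fixing are really gone. The sketch below is an added example, not part of the thread or of HijackThis: it parses HijackThis entry lines and reports which marked entries still appear in a later log. The function names are hypothetical, and the sample lines are copied from this thread except the last follow-up line, which is constructed to show a surviving entry.

```python
import re

# A HijackThis entry line is "<section> - <body>",
# e.g. "O4 - HKLM\..\Run: [name] path" or "R0 - HKCU\...,Start Page = url".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def normalise(body):
    """Collapse whitespace and fold case: registry and file paths on Windows
    are case-insensitive, and text pasted into a forum often gains spaces."""
    return re.sub(r"\s+", " ", body).strip().casefold()


def parse_hjt(text):
    """Return the set of (section, normalised body) entries found in a log.
    Lines that are not entries (headers, running processes) are ignored."""
    entries = set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), normalise(match.group(2))))
    return entries


def check_fix(fix_list, followup_log):
    """Split the entries marked for fixing into those gone from the follow-up
    log and those still present (fix not applied, or the entry came back)."""
    wanted = parse_hjt(fix_list)
    current = parse_hjt(followup_log)
    return {
        "removed": sorted(wanted - current),
        "still_present": sorted(wanted & current),
    }


# Entries marked for fixing (copied from the helper's list in this thread).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"""

# Excerpt of a follow-up log. The last line is CONSTRUCTED for this example
# (different case and spacing) to show how a surviving entry is reported.
FOLLOWUP = r"""
Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [google update]  "C:\Users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"""

if __name__ == "__main__":
    result = check_fix(FIX_LIST, FOLLOWUP)
    for state in ("removed", "still_present"):
        print(state)
        for section, body in result[state]:
            print(f"  {section} - {body}")
```

Matching is on the whole normalised line, so an entry whose value changed counts as removed; the new value still has to be reviewed in the follow-up log itself.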

kub4
Visitor
Posts: 10
Registered: 05 May 2007 07:41

Re: Please check my log

#4 Post by kub4 »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kuba at 2011-10-31 18:31:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 109 GB (53%) free of 205 GB
Total RAM: 4095 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:31:46, on 31.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Razer\Habu\razerhid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Habu\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Heroes of Newerth\hon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\trend micro\Kuba.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Habu] C:\Program Files (x86)\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8775 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\SysWOW64\IoctlSvc.exe
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2744
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
"C:\Windows\RAVCpl64.exe"
"nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Razer\Habu\razerhid.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Razer\Habu\razerofa.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5760.14b75020.293355526 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.7.0.1 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 5760 "\\.\pipe\gecko-crash-server-pipe.5760" plugin
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-77c88bff-017f-4eef-abbc-3436dcbf90f1 -SystemEventPortName:HostProcess-ae9c627b-1f5e-4017-b0ec-2be99590a193 -IoCancelEventPortName:HostProcess-58279e80-769b-44e5-b5ad-3c12d298af06 -NonStateChangingEventPortName:HostProcess-f53c69f0-969c-46a8-bbc0-f7edf00e1998 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:453a4417-f410-4156-98ad-2f49df103ece
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5760.7e25970.1492755211 "C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll" Mozilla.Firefox.7.0.1 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 5760 "\\.\pipe\gecko-crash-server-pipe.5760" plugin
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\Program Files (x86)\Heroes of Newerth\hon.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Users\Kuba\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579993915-1778773906-1672663343-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579993915-1778773906-1672663343-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\9zkmx3cq.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/ig?hl=cs&source=iglk"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\9zkmx3cq.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-07-08 9048392]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2007-04-23 5071360]
"Skytel"=C:\Windows\Skytel.exe [2007-04-13 1822720]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-07-27 3037696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-09-06 3722416]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]
"Habu"=C:\Program Files (x86)\Razer\Habu\razerhid.exe [2009-08-18 239616]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-10-09 421736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2011-10-31 11:57:55 ----D---- C:\Program Files (x86)\Heroes of Newerth
2011-10-31 09:12:17 ----D---- C:\Program Files (x86)\CCleaner
2011-10-30 16:04:16 ----D---- C:\Users\Kuba\AppData\Roaming\dvdcss
2011-10-28 12:03:54 ----A---- C:\Windows\SYSWOW64\drivers\rimoaov.sys
2011-10-28 12:03:54 ----A---- C:\Windows\qevhp.txt
2011-10-28 11:57:26 ----AD---- C:\Windows\rundll16.exe
2011-10-28 11:57:26 ----AD---- C:\Windows\logo1_.exe
2011-10-28 09:27:27 ----D---- C:\rsit
2011-10-28 09:27:27 ----D---- C:\Program Files\trend micro
2011-10-27 18:52:45 ----D---- C:\Program Files (x86)\Enigma Software Group
2011-10-27 18:52:13 ----D---- C:\Windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-27 18:42:48 ----N---- C:\autoexec.bat
2011-10-27 18:42:27 ----D---- C:\sh4ldr
2011-10-27 18:42:27 ----D---- C:\Program Files\Enigma Software Group
2011-10-27 18:41:48 ----D---- C:\Windows\89A072791DB3485AB1DF584DF86774B9.TMP
2011-10-26 16:15:18 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-26 16:15:18 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-26 16:15:18 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-26 10:03:13 ----AD---- C:\Windows\VDLL.DLL
2011-10-26 10:03:13 ----AD---- C:\Windows\SYSWOW64\runouce.exe
2011-10-26 10:03:13 ----AD---- C:\Windows\RUNDL132.EXE
2011-10-26 10:03:13 ----AD---- C:\Windows\logo_1.exe
2011-10-26 09:47:46 ----A---- C:\Windows\SYSWOW64\msvcr80.dll
2011-10-26 09:47:45 ----A---- C:\Windows\SYSWOW64\msvcp80.dll
2011-10-26 09:47:44 ----A---- C:\Windows\SYSWOW64\eEmpty.exe
2011-10-26 09:47:26 ----D---- C:\ProgramData\MicroWorld
2011-10-12 20:30:20 ----A---- C:\Windows\SYSWOW64\GEARAspi.dll
2011-10-12 20:30:20 ----A---- C:\Windows\system32\GEARAspi64.dll
2011-10-12 20:30:20 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2011-10-12 20:29:50 ----D---- C:\Program Files\iPod
2011-10-12 20:29:49 ----D---- C:\Program Files\iTunes
2011-10-12 20:29:49 ----D---- C:\Program Files (x86)\iTunes
2011-10-12 17:15:26 ----D---- C:\Program Files\Bonjour
2011-10-12 17:15:26 ----D---- C:\Program Files (x86)\Bonjour
2011-10-11 19:36:09 ----A---- C:\Windows\system32\win32k.sys
2011-10-11 19:36:06 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-11 19:36:06 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-11 19:35:31 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-11 19:35:31 ----A---- C:\Windows\system32\oleacc.dll
2011-10-11 19:35:30 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-11 19:35:30 ----A---- C:\Windows\system32\oleaut32.dll
2011-09-27 12:44:11 ----D---- C:\Program Files (x86)\Razer
2011-09-27 12:43:44 ----D---- C:\Users\Kuba\AppData\Roaming\InstallShield
2011-09-23 15:32:08 ----D---- C:\Program Files (x86)\QuickTime
2011-09-18 02:32:09 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2011-08-30 22:05:32 ----A---- C:\Windows\system32\jdns_sd.dll
2011-08-30 22:05:32 ----A---- C:\Windows\system32\dnssdX.dll
2011-08-30 22:05:32 ----A---- C:\Windows\system32\dns-sd.exe
2011-08-30 22:05:32 ----A---- C:\Windows\system32\dnssd.dll
2011-08-30 22:05:04 ----A---- C:\Windows\SYSWOW64\jdns_sd.dll
2011-08-30 22:05:04 ----A---- C:\Windows\SYSWOW64\dnssdX.dll
2011-08-30 22:05:04 ----A---- C:\Windows\SYSWOW64\dns-sd.exe
2011-08-30 22:05:04 ----A---- C:\Windows\SYSWOW64\dnssd.dll
2011-08-23 21:30:24 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-23 21:30:24 ----A---- C:\Windows\system32\tzres.dll
2011-08-20 08:45:44 ----D---- C:\Users\Kuba\AppData\Roaming\ATI
2011-08-20 08:45:44 ----D---- C:\ProgramData\ATI
2011-08-19 16:05:24 ----D---- C:\Program Files (x86)\AMD APP
2011-08-19 16:05:19 ----D---- C:\Program Files\Common Files\ATI Technologies
2011-08-19 16:04:29 ----D---- C:\Program Files (x86)\ATI Technologies
2011-08-19 16:04:13 ----D---- C:\Program Files\ATI Technologies
2011-08-19 16:04:09 ----D---- C:\Program Files\ATI
2011-08-19 16:03:37 ----D---- C:\ATI
2011-08-13 07:01:09 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-13 07:01:09 ----A---- C:\Windows\system32\xmllite.dll
2011-08-13 07:00:51 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-13 07:00:51 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-13 07:00:51 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-13 07:00:51 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-13 07:00:50 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-13 07:00:50 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-13 07:00:50 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-13 07:00:50 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-13 07:00:50 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-13 07:00:17 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-13 06:59:58 ----A---- C:\Windows\system32\kernel32.dll
2011-08-13 06:59:58 ----A---- C:\Windows\system32\conhost.exe
2011-08-13 06:59:57 ----A---- C:\Windows\system32\wow64.dll
2011-08-13 06:59:57 ----A---- C:\Windows\system32\winsrv.dll
2011-08-13 06:59:57 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-13 06:59:56 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-13 06:59:56 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-13 06:59:56 ----A---- C:\Windows\system32\wow64win.dll
2011-08-13 06:59:56 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-13 06:59:56 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-13 06:59:55 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-13 06:59:53 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-13 06:59:53 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-13 06:59:53 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-13 06:59:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-13 06:59:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-13 06:59:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-13 06:59:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-13 06:59:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-13 06:59:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-13 06:59:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-13 06:59:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-13 06:59:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-13 06:59:52 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-13 06:59:51 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-13 06:59:49 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-13 06:59:44 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-13 06:59:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-13 06:59:42 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

======List of files/folders modified in the last 3 months======

2011-10-31 18:31:44 ----D---- C:\Windows\Temp
2011-10-31 18:31:31 ----D---- C:\Windows\Prefetch
2011-10-31 18:25:11 ----D---- C:\Users\Kuba\AppData\Roaming\Skype
2011-10-31 17:15:30 ----D---- C:\Users\Kuba\AppData\Roaming\skypePM
2011-10-31 13:09:29 ----D---- C:\ProgramData\Spyware Terminator
2011-10-31 12:06:53 ----HD---- C:\ProgramData
2011-10-31 11:58:33 ----SHD---- C:\System Volume Information
2011-10-31 11:57:55 ----RD---- C:\Program Files (x86)
2011-10-31 09:15:21 ----D---- C:\Windows\Minidump
2011-10-31 09:15:21 ----D---- C:\Windows\debug
2011-10-31 09:15:21 ----D---- C:\Windows
2011-10-31 09:14:05 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-31 09:14:04 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-10-31 06:32:05 ----D---- C:\Users\Kuba\AppData\Roaming\Azureus
2011-10-31 04:55:52 ----D---- C:\Windows\system32\config
2011-10-30 16:08:06 ----SD---- C:\Users\Kuba\AppData\Roaming\Microsoft
2011-10-28 12:05:56 ----D---- C:\ProgramData\NVIDIA
2011-10-28 12:03:54 ----D---- C:\Windows\SYSWOW64\drivers
2011-10-28 09:27:27 ----RD---- C:\Program Files
2011-10-27 21:40:20 ----D---- C:\Windows\Tasks
2011-10-27 21:40:20 ----D---- C:\Windows\system32\wfp
2011-10-27 21:40:20 ----D---- C:\Windows\system32\DriverStore
2011-10-27 21:40:20 ----D---- C:\Windows\system32\drivers\etc
2011-10-27 21:40:20 ----D---- C:\Windows\system32\catroot2
2011-10-27 21:40:20 ----D---- C:\Windows\System32
2011-10-27 21:40:20 ----D---- C:\Windows\inf
2011-10-27 21:40:15 ----D---- C:\Users\Kuba\AppData\Roaming\vlc
2011-10-27 21:40:15 ----D---- C:\Users\Kuba\AppData\Roaming\Razer
2011-10-27 21:40:15 ----D---- C:\ProgramData\PMB Files
2011-10-27 21:40:05 ----D---- C:\Windows\system32\wbem
2011-10-27 21:40:05 ----D---- C:\Windows\registration
2011-10-27 20:58:34 ----D---- C:\Users\Kuba\AppData\Roaming\Spyware Terminator
2011-10-27 18:51:09 ----SHD---- C:\Windows\Installer
2011-10-27 18:51:08 ----D---- C:\Windows\system32\Tasks
2011-10-27 18:51:07 ----SHD---- C:\Config.Msi
2011-10-27 18:48:42 ----D---- C:\ProgramData\Apple Computer
2011-10-27 18:41:43 ----D---- C:\Program Files (x86)\Common Files
2011-10-27 02:00:52 ----D---- C:\Windows\winsxs
2011-10-26 16:15:18 ----D---- C:\Windows\SysWOW64
2011-10-26 16:14:51 ----D---- C:\Program Files (x86)\Java
2011-10-26 09:05:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-26 07:50:57 ----D---- C:\Windows\system32\catroot
2011-10-20 20:11:35 ----D---- C:\Windows\system32\FxsTmp
2011-10-20 13:13:12 ----D---- C:\Users\Kuba\AppData\Roaming\Canon
2011-10-13 20:17:35 ----D---- C:\Windows\system32\NDF
2011-10-12 22:27:31 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-10-12 20:30:20 ----DC---- C:\Windows\system32\DRVSTORE
2011-10-12 20:30:20 ----D---- C:\Windows\system32\drivers
2011-10-12 02:37:22 ----D---- C:\Windows\Microsoft.NET
2011-10-12 02:36:58 ----RSD---- C:\Windows\assembly
2011-10-12 02:22:24 ----D---- C:\Windows\ehome
2011-10-12 02:04:52 ----A---- C:\Windows\system32\MRT.exe
2011-10-03 16:33:08 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-10-03 04:06:03 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-09-27 12:44:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-09-23 19:06:07 ----D---- C:\Users\Kuba\AppData\Roaming\Apple Computer
2011-09-17 02:04:37 ----D---- C:\ProgramData\Microsoft Help
2011-09-06 21:45:29 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-09-06 21:45:17 ----A---- C:\Windows\system32\aswBoot.exe
2011-08-24 21:52:04 ----D---- C:\Windows\rescache
2011-08-24 02:00:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-24 02:00:40 ----D---- C:\Windows\system32\cs-CZ
2011-08-19 16:05:19 ----D---- C:\Program Files\Common Files
2011-08-19 16:04:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-08-14 02:22:32 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-31 834544]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-07-29 13368]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 601944]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 301912]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 58200]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-07-08 252344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-07-08 41712]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-07-08 92688]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9980416]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér; C:\Windows\system32\DRIVERS\l160x64.sys [2009-06-25 58368]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HabuFltr;Habu Mouse; C:\Windows\system32\drivers\habu.sys [2009-08-07 13824]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2007-04-23 1072928]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2010-07-29 15416]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S0 fzgrgfd;fzgrgfd; C:\Windows\system32\drivers\rimoaov.sys []
S3 an3m9mrn;an3m9mrn; C:\Windows\system32\drivers\an3m9mrn.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-13 48488]
S3 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-28 204288]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-07-29 90112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-09-06 44768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-07-08 2528096]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-25 1016936]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-07-27 488960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 934760]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1255736]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

-----------------EOF-----------------

kub4
Visitor
Posts: 10
Joined: 05 May 2007 07:41

Re: Please check my log

#5 Post by kub4 »

Spybot removed, I have a firewall and also Defense+. Unfortunately the unwanted double-click is still there.

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#6 Post by Roli »

kub4 wrote: Unfortunately the unwanted double-click is still there
Well, we're not finished yet.


Now we'll bring out a bigger caliber, so read carefully, because this piece of software does not tolerate mistakes.

Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

A window with the license terms will then appear; confirm it by clicking YES,

then click YES once more and it's running.

The whole run takes around 10 minutes but may take longer; do not try to start anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware programs,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

kub4
Visitor
Posts: 10
Joined: 05 May 2007 07:41

Re: Please check my log

#7 Post by kub4 »

ComboFix 11-10-30.04 - Kuba 31.10.2011 20:25:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.1552 [GMT 1:00]
Spuštěný z: c:\users\Kuba\Desktop\ComboFix.exe
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 19:32 . 2011-10-31 19:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-31 19:32 . 2011-10-31 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-31 10:57 . 2011-10-31 18:40 -------- d-----w- c:\program files (x86)\Heroes of Newerth
2011-10-31 08:12 . 2011-10-31 08:12 -------- d-----w- c:\program files (x86)\CCleaner
2011-10-30 15:04 . 2011-10-30 15:10 -------- d-----w- c:\users\Kuba\AppData\Roaming\dvdcss
2011-10-28 13:46 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C725323-21B4-43AD-BFFC-C6E53BA4947F}\mpengine.dll
2011-10-28 11:03 . 2011-10-28 11:03 61440 ----a-w- c:\windows\SysWow64\drivers\rimoaov.sys
2011-10-28 10:57 . 2011-10-28 10:57 -------- d---a-w- c:\windows\rundll16.exe
2011-10-28 10:57 . 2011-10-28 10:57 -------- d---a-w- c:\windows\logo1_.exe
2011-10-28 08:27 . 2011-10-31 17:31 -------- d-----w- c:\program files\trend micro
2011-10-28 08:27 . 2011-10-28 08:27 -------- d-----w- C:\rsit
2011-10-27 17:52 . 2011-10-27 17:52 -------- d-----w- c:\program files (x86)\Enigma Software Group
2011-10-27 17:52 . 2011-10-27 20:40 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-27 17:42 . 2011-10-27 17:52 -------- d-----w- C:\sh4ldr
2011-10-27 17:42 . 2011-10-27 17:42 -------- d-----w- c:\program files\Enigma Software Group
2011-10-27 17:41 . 2011-10-27 17:51 -------- d-----w- c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP
2011-10-27 17:41 . 2011-10-27 17:52 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-10-26 15:15 . 2011-10-26 15:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-26 09:03 . 2011-10-26 09:03 -------- d---a-w- c:\windows\VDLL.DLL
2011-10-26 09:03 . 2011-10-26 09:03 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2011-10-26 09:03 . 2011-10-26 09:03 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-10-26 09:03 . 2011-10-26 09:03 -------- d---a-w- c:\windows\logo_1.exe
2011-10-26 08:47 . 2011-10-26 08:47 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2011-10-26 08:47 . 2011-10-26 08:47 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2011-10-26 08:47 . 2011-10-26 08:47 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2011-10-26 08:47 . 2011-10-26 08:47 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2011-10-26 08:47 . 2011-10-26 08:47 -------- d-----w- c:\programdata\MicroWorld
2011-10-12 19:30 . 2009-05-18 11:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-12 19:30 . 2008-04-17 10:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-10-12 19:30 . 2008-04-17 10:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-10-12 19:29 . 2011-10-12 19:29 -------- d-----w- c:\program files\iPod
2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- c:\program files\iTunes
2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- c:\program files (x86)\iTunes
2011-10-12 16:15 . 2011-10-12 16:15 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-12 16:15 . 2011-10-12 16:15 -------- d-----w- c:\program files\Bonjour
2011-10-11 18:36 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 18:36 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 18:36 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-11 18:36 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-11 18:36 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 18:35 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 18:35 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-11 18:35 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 18:35 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 19:36 . 2011-10-31 19:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C725323-21B4-43AD-BFFC-C6E53BA4947F}\offreg.dll
2011-10-28 10:56 . 2011-10-28 10:54 17462651 ----a-w- c:\windows\REGBK00.ZIP
2011-10-03 03:06 . 2010-07-27 06:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 20:45 . 2010-07-27 08:01 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-07-27 08:01 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-02-21 14:26 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-18 14:10 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2010-07-27 08:03 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-07-27 08:03 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-07-27 08:03 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-07-27 08:03 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2010-07-27 08:03 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-07-27 3037696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"Habu"="c:\program files (x86)\Razer\Habu\razerhid.exe" [2009-08-18 239616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-07-29 90112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér;c:\windows\system32\DRIVERS\l160x64.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2579993915-1778773906-1672663343-1001Core.job
- c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 11:28]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2579993915-1778773906-1672663343-1001UA.job
- c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 11:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-08 9048392]
"RtHDVCpl"="RAVCpl64.exe" [2007-04-23 5071360]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\9zkmx3cq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig?hl=cs&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2011-10-31 20:42:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-31 19:42
.
Před spuštěním: Volných bajtů: 115 643 199 488
Po spuštění: Volných bajtů: 115 074 424 832
.
- - End Of File - - 0094462B7F10823FC086854EEC0A4927

I had to restart the PC once more..

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#8 Post by Roli »

Before we continue, this:

c:\windows\SysWow64\drivers\rimoaov.sys

test it on VIRUSTOTAL

(once the page has loaded, click the Browse button, find the path to the file mentioned above and click the Send file button;

it takes around ten minutes, then copy the link here for me, that is the line at the top of the browser)

If it tells you the file has already been tested, have it tested again.

kub4
Visitor
Posts: 10
Joined: 05 May 2007 07:41

Re: Please check my log

#9 Post by kub4 »


Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#10 Post by Roli »

If you haven't already done so, move ComboFix to the desktop,

open Notepad

and copy into it the script from the following box:

Code:

File::
c:\windows\SysWow64\drivers\rimoaov.sys
c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP

FireFox::
FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\9zkmx3cq.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it:

Image

After it has been applied, another log will pop out; copy it here.

Warning: it may happen that after applying the script and restarting, Windows will not boot;

in that case restart again while pressing F8, then choose Last Known Good Configuration

kub4
Visitor
Posts: 10
Joined: 05 May 2007 07:41

Re: Please check my log

#11 Post by kub4 »

ComboFix 11-10-30.04 - Kuba 31.10.2011 23:29:14.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2250 [GMT 1:00]
Spuštěný z: c:\users\Kuba\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kuba\Desktop\CFScript.txt
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-01 do 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 02:01 . 2011-11-01 02:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-31 22:51 . 2011-10-31 22:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C725323-21B4-43AD-BFFC-C6E53BA4947F}\offreg.dll
2011-10-31 22:47 . 2011-10-31 22:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-31 22:47 . 2011-10-31 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-31 10:57 . 2011-10-31 18:40 -------- d-----w- c:\program files (x86)\Heroes of Newerth
2011-10-31 08:12 . 2011-10-31 08:12 -------- d-----w- c:\program files (x86)\CCleaner
2011-10-30 15:04 . 2011-10-30 15:10 -------- d-----w- c:\users\Kuba\AppData\Roaming\dvdcss
2011-10-28 13:46 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C725323-21B4-43AD-BFFC-C6E53BA4947F}\mpengine.dll
2011-10-28 11:03 . 2011-10-28 11:03 61440 ----a-w- c:\windows\SysWow64\drivers\rimoaov.sys
2011-10-28 10:57 . 2011-10-28 10:57 -------- d---a-w- c:\windows\rundll16.exe
2011-10-28 10:57 . 2011-10-28 10:57 -------- d---a-w- c:\windows\logo1_.exe
2011-10-28 08:27 . 2011-10-31 17:31 -------- d-----w- c:\program files\trend micro
2011-10-28 08:27 . 2011-10-28 08:27 -------- d-----w- C:\rsit
2011-10-27 17:52 . 2011-10-27 17:52 -------- d-----w- c:\program files (x86)\Enigma Software Group
2011-10-27 17:52 . 2011-10-27 20:40 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-10-27 17:42 . 2011-10-27 17:52 -------- d-----w- C:\sh4ldr
2011-10-27 17:42 . 2011-10-27 17:42 -------- d-----w- c:\program files\Enigma Software Group
2011-10-27 17:41 . 2011-10-27 17:51 -------- d-----w- c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP
2011-10-27 17:41 . 2011-10-27 17:52 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-10-26 15:15 . 2011-10-26 15:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-26 09:03 . 2011-10-26 09:03 -------- d---a-w- c:\windows\VDLL.DLL
2011-10-26 09:03 . 2011-10-26 09:03 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2011-10-26 09:03 . 2011-10-26 09:03 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-10-26 09:03 . 2011-10-26 09:03 -------- d---a-w- c:\windows\logo_1.exe
2011-10-26 08:47 . 2011-10-26 08:47 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2011-10-26 08:47 . 2011-10-26 08:47 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2011-10-26 08:47 . 2011-10-26 08:47 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2011-10-26 08:47 . 2011-10-26 08:47 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2011-10-26 08:47 . 2011-10-26 08:47 -------- d-----w- c:\programdata\MicroWorld
2011-10-12 19:30 . 2009-05-18 11:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-12 19:30 . 2008-04-17 10:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-10-12 19:30 . 2008-04-17 10:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-10-12 19:29 . 2011-10-12 19:29 -------- d-----w- c:\program files\iPod
2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- c:\program files\iTunes
2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- c:\program files (x86)\iTunes
2011-10-12 16:15 . 2011-10-12 16:15 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-12 16:15 . 2011-10-12 16:15 -------- d-----w- c:\program files\Bonjour
2011-10-11 18:36 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 18:36 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 18:36 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-11 18:36 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-11 18:36 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 18:35 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 18:35 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-11 18:35 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 18:35 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 10:56 . 2011-10-28 10:54 17462651 ----a-w- c:\windows\REGBK00.ZIP
2011-10-03 03:06 . 2010-07-27 06:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 20:45 . 2010-07-27 08:01 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-07-27 08:01 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-02-21 14:26 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-18 14:10 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2010-07-27 08:03 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-07-27 08:03 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-07-27 08:03 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-07-27 08:03 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2010-07-27 08:03 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-31_19.35.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-01 02:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-31 19:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-31 19:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-01 02:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-26 09:46 . 2011-10-31 19:48 57590 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-28 11:07 45310 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-31 19:48 45310 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-26 09:15 . 2011-10-31 19:48 14968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2579993915-1778773906-1672663343-1001_UserData.bin
- 2010-07-26 09:08 . 2011-10-31 19:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-26 09:08 . 2011-10-31 22:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-26 09:08 . 2011-10-31 19:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-26 09:08 . 2011-10-31 22:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-31 19:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-31 22:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-26 09:15 . 2011-11-01 06:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-26 09:15 . 2011-10-31 19:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-26 09:15 . 2011-10-31 19:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-26 09:15 . 2011-11-01 06:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-01 02:02 . 2011-11-01 02:02 76200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 79776 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 15208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 27528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.v4.0.Framework\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v4.0.Framework.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 56184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 91512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll
+ 2010-07-31 14:50 . 2011-11-01 02:03 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 34144 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 42848 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 42848 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 19296 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
+ 2010-02-25 09:07 . 2010-02-25 09:07 49488 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\VBAJET32.DLL
+ 2010-01-09 19:41 . 2010-01-09 19:41 34648 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\THOCRAPI.DLL
+ 2010-03-22 18:42 . 2010-03-22 18:42 99744 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\PEOPLEDATAHANDLER.DLL
+ 2010-03-22 18:42 . 2010-03-22 18:42 47520 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OSETUPPS.DLL
+ 2010-03-22 18:42 . 2010-03-22 18:42 18336 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OMUOPTINPS.DLL
+ 2010-02-28 00:23 . 2010-02-28 00:23 24976 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MUOPTIN.DLL
+ 2010-03-01 03:17 . 2010-03-01 03:17 17296 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSOCFUIU.DLL
+ 2010-03-12 22:55 . 2010-03-12 22:55 14208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBICUI.DLL
+ 2010-03-22 18:42 . 2010-03-22 18:42 71032 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\EXP_XPS.DLL
+ 2010-03-22 18:50 . 2010-03-22 18:50 55232 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACERCLR.DLL
+ 2010-03-22 18:50 . 2010-03-22 18:50 15800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEODTXT.DLL
+ 2010-03-22 18:50 . 2010-03-22 18:50 15800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEODEXL.DLL
+ 2010-03-22 18:50 . 2010-03-22 18:50 15800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEODDBS.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 43408 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEERR.DLL
+ 2011-11-01 02:09 . 2011-11-01 02:09 28160 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\8301416694cb22f15077e6d433e59e2a\Microsoft.Office.Tools.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 55808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7ce7180a1e9ef37cd133a88e7cfa35ac\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 21504 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\f01fa762f59ae32d37fb4b0c9e331c98\Microsoft.Office.Tools.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 45056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\ac1e4a1b83bdb8c1ad39a54d0cb38bc4\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d1f2d3b5e187e3bc12ec2522bb845392\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 86016 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9b2b2e2e66a51e68a2679339ce4e4a77\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 93696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\71a6663950cfe588237265f13a6a9f8f\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5b75d5795521241fb2344a38cf42f295\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 84992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\19a56cfd48276cdd930333131e029afe\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f49ab7f96c66031f641e2390ff85b71b\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2011-11-01 02:06 . 2011-11-01 02:06 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cd2766ef74cee07c420507db80aed932\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2011-11-01 02:06 . 2011-11-01 02:06 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b97304651681e8187cb08b85ee71af27\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a76e914f2d0a6aac2537e118d2a1a7d5\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:06 . 2011-11-01 02:06 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\723bdb36a46e387e81a1326318f096fc\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2011-11-01 02:06 . 2011-11-01 02:06 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\560af98e8232dfaa8f745112ed6b8be1\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 83896 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 63408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 77752 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 23976 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 62392 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 32688 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 35256 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 24496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
+ 2011-10-31 22:49 . 2011-10-31 22:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-31 19:34 . 2011-10-31 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-31 22:49 . 2011-10-31 22:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-31 19:34 . 2011-10-31 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-10-31 19:35 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-01 02:51 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:36 . 2011-10-31 22:53 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-26 08:05 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2011-10-26 08:05 631054 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2011-10-31 22:53 631054 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-10-31 22:53 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-26 08:05 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2011-10-31 22:53 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2011-10-26 08:05 121708 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-10-31 22:48 384276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-31 19:33 384276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-01 02:02 . 2011-11-01 02:02 397208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 133544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.Internal\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 201648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 163744 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 141688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 341392 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.Implementation.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 139672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.Implementation.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 171384 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 465304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.Implementation.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 357272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.Implementation.dll
+ 2011-11-01 02:01 . 2011-11-01 02:01 571232 c:\windows\Installer\{90140000-006E-0405-1000-0000000FF1CE}\misc.exe
- 2010-07-31 14:47 . 2010-07-31 14:47 571232 c:\windows\Installer\{90140000-006E-0405-1000-0000000FF1CE}\misc.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 415584 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 303456 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 571232 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 326496 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 469856 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 469856 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 178528 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
+ 2010-01-09 19:41 . 2010-01-09 19:41 166792 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\TWCUTCHR.DLL
+ 2010-02-28 00:20 . 2010-02-28 00:20 607632 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\SELFCERT.EXE
+ 2010-02-28 05:04 . 2010-02-28 05:04 760184 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ONWORDADDIN.DLL
+ 2010-02-28 05:04 . 2010-02-28 05:04 688512 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ONPPTADDIN.DLL
+ 2010-03-29 18:30 . 2010-03-29 18:30 245120 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ONENOTEM.EXE
+ 2010-02-28 05:04 . 2010-02-28 05:04 644472 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ONBTTNWD.DLL
+ 2010-02-28 05:04 . 2010-02-28 05:04 644480 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ONBTTNPPT.DLL
+ 2010-03-01 03:19 . 2010-03-01 03:19 900480 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ONBTTNOL.DLL
+ 2010-02-28 00:27 . 2010-02-28 00:27 368504 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OISGRAPH.DLL
+ 2010-02-28 00:27 . 2010-02-28 00:27 299368 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OIS.EXE
+ 2010-02-28 00:17 . 2010-02-28 00:17 513912 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OFFXML.DLL
+ 2010-03-10 19:51 . 2010-03-10 19:51 571320 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ODEPLOY.EXE
+ 2010-01-09 19:30 . 2010-01-09 19:30 231816 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OARPMANY.EXE
+ 2010-03-29 19:52 . 2010-03-29 19:52 320352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSPROOF6.DLL
+ 2010-03-16 01:38 . 2010-03-16 01:38 489336 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSOUC.EXE
+ 2010-03-16 01:38 . 2010-03-16 01:38 908160 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSOSYNC.EXE
+ 2010-03-24 18:30 . 2010-03-24 18:30 473952 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSOICONS.EXE
+ 2010-03-06 03:59 . 2010-03-06 03:59 687968 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSODCW.DLL
+ 2010-01-10 17:47 . 2010-01-10 17:47 436112 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSOCFU.DLL
+ 2010-03-01 03:17 . 2010-03-01 03:17 221048 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSOCF.DLL
+ 2010-03-24 18:29 . 2010-03-24 18:29 571232 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MISC.EXE
+ 2010-07-31 14:50 . 2010-07-31 14:50 427904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBITOOL.DLL
+ 2010-07-31 14:50 . 2010-07-31 14:50 169856 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBITOIN.DLL
+ 2010-03-12 22:55 . 2010-03-12 22:55 665472 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBIRTMR.DLL
+ 2010-03-12 22:55 . 2010-03-12 22:55 956288 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBIOBDR.DLL
+ 2010-07-31 14:50 . 2010-07-31 14:50 956288 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBIOBDA.DLL
+ 2010-07-31 14:50 . 2010-07-31 14:50 567168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBICLNT.DLL
+ 2010-03-12 22:55 . 2010-03-12 22:55 567168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBICLNR.DLL
+ 2010-03-13 12:54 . 2010-03-13 12:54 613760 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBICLI.DLL
+ 2010-03-12 22:55 . 2010-03-12 22:55 513920 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBIBDCR.DLL
+ 2010-07-31 14:50 . 2010-07-31 14:50 513920 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBIBDCA.DLL
+ 2010-03-22 18:42 . 2010-03-22 18:42 234880 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\IETAG.DLL
+ 2010-02-28 05:04 . 2010-02-28 05:04 725928 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\IECONTENTSERVICE.EXE
+ 2010-02-04 02:37 . 2010-02-04 02:37 157024 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\FLTLDR.EXE
+ 2010-02-25 09:07 . 2010-02-25 09:07 518984 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\EXPSRV.DLL
+ 2010-03-23 09:41 . 2010-03-23 09:41 138104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\EXP_PDF.DLL
+ 2010-02-28 00:17 . 2010-02-28 00:17 629664 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\DWTRIG20.EXE
+ 2010-03-01 03:17 . 2010-03-01 03:17 531800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\CDLMSO.DLL
+ 2010-03-10 17:53 . 2010-03-10 17:53 116632 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\BUSDATAR.DLL
+ 2010-07-31 14:50 . 2010-07-31 14:50 116632 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\BUSDATA.DLL
+ 2010-01-18 19:02 . 2010-01-18 19:02 142776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ASLTS.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 502168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEXBE.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 297360 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACETXT.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 691616 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEREP.DLL
+ 2010-03-22 18:50 . 2010-03-22 18:50 451480 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACER3X.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 536992 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEOLEDB.DLL
+ 2010-03-22 18:50 . 2010-03-22 18:50 342960 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEODBC.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 442272 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEEXCH.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 898456 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEEXCL.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 744888 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEDAO.DLL
+ 2011-11-01 02:09 . 2011-11-01 02:09 992256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\ff4466a4f4edd74967ffd68b32ed42fe\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 247808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\f244c79b2b74ce5d958992b035bcae5b\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 169984 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\e3c203e0682e3d84c5abe2bbf67f36ee\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 475136 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\431e8f8fb8c650e566bfff9fa1114690\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 864256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\1423e98c74015fd6dff8acb6672845d9\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 232448 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\05e62412ad3f1f3f4b3cab5b35c61840\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 408064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\dee40d0e766d62b10540ebe5b3fda5dd\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7e0c3e59372160f90d0c17225f5c0e1a\Microsoft.Office.Tools.Outlook.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7da8e01276e9763783ff11a7ae146c5f\Microsoft.Office.Tools.Common.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\14b878bd3fdd08127dd20c7cf94173f2\Microsoft.Office.Tools.Excel.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 177152 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\e425a2bfd8281ff959f0f4b7884a9bdf\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\bac77175ca598fa44c64861a18b182ec\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 364544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\b508c1a8715fa22d8a1a25c8bc4366bd\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 738304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\8fc3954eda901e8c39e4731af5d6426e\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 210432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\8efedc192ad140d96b00a9edf76951e6\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\755ed0463f475a65ec459d2f4f67391a\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 336384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\f8c5c0de2a2bd3c0569d384d4d757660\Microsoft.Office.Tools.Common.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 312320 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\bb1401e190028271d8daad33f0394fa7\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 864768 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\b4128a477f244d3b4fbcdf6c539a0226\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 676864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\a58b1c7c833e65136ad5ec1cf51b7c3c\Microsoft.Office.Tools.Word.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 152064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\1d01c36fea73905edcd30231fd50de91\Microsoft.Office.Tools.Outlook.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 730624 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\0fef4345375db0c723a1bb8be585c0d1\Microsoft.Office.Tools.Excel.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 270336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\f14d988f0a2140ab746567627add901b\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 956416 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\decc2b5bc04141ba4044a81ae2245ba9\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 773120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\bab8b770342bef1373dd65a6cd97ae95\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 495616 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\75efd918615705fa0081fcf2d76f8ff5\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\65c3b9746c2c5c232e034ac1cac13c41\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\61a2509f46b9fe12fb87f38cb85bc67f\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 124928 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\4b57dd0097ff68f0448e01b9c1615b33\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 215040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\38fc2fd1656eab4beb6632e072afb735\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:03 . 2011-11-01 02:03 675840 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.BusinessD#\1c317bca8a44c6d7d0b6c7b3cdd16d53\Microsoft.BusinessData.ni.dll
+ 2011-11-01 02:06 . 2011-11-01 02:06 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e29fcbc5cb55983d0f0e7deaba15d1fe\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:06 . 2011-11-01 02:06 179200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cbaf1e2f012225f975829aa69aaffc0c\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\96c9f4776983ce5117071c54957ca686\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 363008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6aed22875a2d7f279fe80f6eba524b7e\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 650752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\193931d8a264d135001ea449464b9383\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\14c004acbf02bd8f341bb1328d56e270\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\020acab768b8613debbe3fd7a7755853\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 363936 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 193472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 153008 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll
- 2010-07-31 14:50 . 2010-07-31 14:50 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll
- 2010-07-31 14:50 . 2010-07-31 14:50 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll
- 2010-07-31 14:50 . 2010-07-31 14:50 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 116632 c:\windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll
- 2010-07-31 14:50 . 2010-07-31 14:50 116632 c:\windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll
- 2010-07-31 14:50 . 2010-07-31 14:50 513920 c:\windows\assembly\GAC_64\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 513920 c:\windows\assembly\GAC_64\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 960384 c:\windows\assembly\GAC_64\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll
+ 2010-10-20 11:42 . 2010-10-20 11:42 1604456 c:\windows\system32\FM20.DLL
+ 2011-04-28 22:26 . 2011-04-28 22:26 1648640 c:\windows\Installer\af9c0d.msp
+ 2011-04-28 22:21 . 2011-04-28 22:21 6610432 c:\windows\Installer\af9bda.msp
+ 2011-04-28 21:23 . 2011-04-28 21:23 1648640 c:\windows\Installer\af9bca.msp
+ 2011-04-28 20:15 . 2011-04-28 20:15 4758016 c:\windows\Installer\af9a52.msp
+ 2011-04-28 19:58 . 2011-04-28 19:58 3881984 c:\windows\Installer\af9a28.msp
- 2010-07-31 14:50 . 2011-09-17 01:04 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 1479520 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 1858400 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 3792736 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe
+ 2010-07-31 14:50 . 2011-11-01 02:03 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe
- 2010-07-31 14:50 . 2011-09-17 01:04 1449312 c:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe
+ 2010-02-17 19:56 . 2010-02-17 19:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\WKCONV.EXE
+ 2010-02-25 09:07 . 2010-02-25 09:07 3637064 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\VBE7.DLL
+ 2010-03-01 03:08 . 2010-03-01 03:08 3911576 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\STSLIST.DLL
+ 2010-03-10 19:51 . 2010-03-10 19:51 1377656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\SETUP.EXE
+ 2010-03-09 08:01 . 2010-03-09 08:01 2163560 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\POWERPNT.EXE
+ 2010-03-10 19:51 . 2010-03-10 19:51 7378792 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OSETUP.DLL
+ 2010-03-30 06:35 . 2010-03-30 06:35 1583472 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ONFILTER.DLL
+ 2010-02-28 00:27 . 2010-02-28 00:27 1530224 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OISAPP.DLL
+ 2010-01-09 19:24 . 2010-01-09 19:24 4965752 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OIMG.DLL
+ 2010-02-28 00:28 . 2010-02-28 00:28 9832832 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\OFFOWC.DLL
+ 2010-02-28 00:21 . 2010-02-28 00:21 1045352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSTORDB.EXE
+ 2010-02-28 00:21 . 2010-02-28 00:21 1039208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MEDCAT.DLL
+ 2010-07-31 14:50 . 2010-07-31 14:50 1689472 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\LOBISYNC.DLL
+ 2010-03-30 06:43 . 2010-03-30 06:43 9063792 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\IPEDITOR.DLL
+ 2010-03-24 19:38 . 2010-03-24 19:38 1371528 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\GROOVEMN.EXE
+ 2010-03-12 20:35 . 2010-03-12 20:35 6437760 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\GRAPH.EXE
+ 2010-03-01 03:08 . 2010-03-01 03:08 2536296 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\GFX.DLL
+ 2010-02-20 15:20 . 2010-02-20 15:20 1603944 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\FM20.DLL
+ 2010-01-18 19:02 . 2010-01-18 19:02 2242968 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ASSAPIFE.DLL
+ 2010-01-18 19:02 . 2010-01-18 19:02 1667960 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ASMAIN.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 3050912 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEWDAT.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 1013160 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACEES.DLL
+ 2010-03-23 08:55 . 2010-03-23 08:55 3212680 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\ACECORE.DLL
+ 2011-11-01 02:09 . 2011-11-01 02:09 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\da4fb8444172ef9c9447aff0921cfb54\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 2034688 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\854059a46a40dd48dd2e96725ada2b78\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 1117184 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\5be8cdb1f33142b52ff128672b87d70b\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2011-11-01 02:09 . 2011-11-01 02:09 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\027bac94fcf73a9bf17802dc66182095\Microsoft.Office.Tools.Word.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 1551872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\f27bf53f7f9df2f9b2a5c88ebe13e9bc\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2011-11-01 02:07 . 2011-11-01 02:07 1117696 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\b2a8229e1ff713cd46c148a0b3e6076c\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2011-11-01 02:08 . 2011-11-01 02:08 2826240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.Bu#\c1f4cfaf485371ba4d406a140883dc2c\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
+ 2011-11-01 02:03 . 2011-11-01 02:03 2206208 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.Bu#\85e158978e26769df894fe81b1364969\Microsoft.Office.BusinessApplications.Runtime.ni.dll
+ 2011-11-01 02:04 . 2011-11-01 02:04 4488704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.Bu#\818ce272c14f9adb7282817a854a4156\Microsoft.Office.BusinessData.ni.dll
+ 2011-11-01 02:04 . 2011-11-01 02:04 6566400 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.Bu#\3de3a709ae5bf955fc51daeb2e308c4e\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
+ 2011-11-01 02:02 . 2011-11-01 02:02 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll
- 2010-07-31 14:50 . 2010-07-31 14:50 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll
+ 2010-12-01 00:23 . 2011-10-31 22:48 32916200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2579993915-1778773906-1672663343-1001-8192.dat
- 2010-12-01 00:23 . 2011-10-31 19:33 32916200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2579993915-1778773906-1672663343-1001-8192.dat
+ 2011-04-28 19:34 . 2011-04-28 19:34 10677760 c:\windows\Installer\af9c04.msp
+ 2011-04-28 22:20 . 2011-04-28 22:20 15125504 c:\windows\Installer\af9bef.msp
+ 2011-04-28 20:42 . 2011-04-28 20:42 26077184 c:\windows\Installer\af9a5b.msp
+ 2011-04-28 19:28 . 2011-04-28 19:28 29734400 c:\windows\Installer\af9a41.msp
+ 2010-03-22 18:42 . 2010-03-22 18:42 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109110000000100000000F01FEC\14.0.4763\MSORES.DLL
+ 2011-04-28 19:35 . 2011-04-28 19:35 522330112 c:\windows\Installer\af9bc1.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-07-27 3037696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"Habu"="c:\program files (x86)\Razer\Habu\razerhid.exe" [2009-08-18 239616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-07-29 90112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér;c:\windows\system32\DRIVERS\l160x64.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2579993915-1778773906-1672663343-1001Core.job
- c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 11:28]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2579993915-1778773906-1672663343-1001UA.job
- c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 11:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-08 9048392]
"RtHDVCpl"="RAVCpl64.exe" [2007-04-23 5071360]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\9zkmx3cq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig?hl=cs&source=iglk
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2011-11-01 07:36:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-01 06:36
ComboFix2.txt 2011-10-31 19:42
.
Před spuštěním: Volných bajtů: 115 590 774 784
Po spuštění: Volných bajtů: 112 926 552 064
.
- - End Of File - - 4FFEC53BBF3F7F6C09F8B7C0062969F8

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#12 Post by Roli »

Aha, so it doesn't want to cooperate; well, let's try it another way.

Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes its related files and folders.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.


Download and run OTMoveIt.

Into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
c:\windows\SysWow64\drivers\rimoaov.sys

:commands
[purity]
[emptytemp]
[start explorer]
Click MoveIt! and information about the action performed will appear in the green pane on the right of the application; copy the contents of that pane here.

If the application asks for a restart, click YES.

In that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\

kub4
Visitor
Posts: 10
Registered: 05 May 2007 07:41

Re: Please check my log

#13 Post by kub4 »

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
C:\WINDOWS\89A072791DB3485AB1DF584DF86774B9.TMP folder moved successfully.
C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP folder moved successfully.
C:\WINDOWS\D3F93A5A7A5D4867B2A16F46500D006C.TMP folder moved successfully.
c:\windows\SysWow64\drivers\rimoaov.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kuba
->Temp folder emptied: 1786 bytes
->Temporary Internet Files folder emptied: 673161 bytes
->Java cache emptied: 6646746 bytes
->FireFox cache emptied: 56654100 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 7443 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 62,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11012011_182444
All processes killed

OTM by OldTimer - Version 3.1.19.0 log created on 11012011_182444

Files moved on Reboot...
C:\Users\Kuba\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#14 Post by Roli »

Run OTMoveIt again and click CleanUP! at the top of the application;

this makes it clean up after itself.


Then let me know what the status is.

kub4
Visitor
Posts: 10
Registered: 05 May 2007 07:41

Re: Please check my log

#15 Post by kub4 »

Done; unfortunately it didn't help. I have never come across such a complicated virus before.