
Requesting a log check

#1 Post by marty007

Hello,

please check my log, although I already know I have some nasties in there; I ran an mwav scan and it found a few of them before the scan crashed on me.
Hopefully they are all in the log posted here. Thank you.

Logfile of random's system information tool 1.09 (written by random/random)
Run by frajer-smoula at 2011-11-18 21:34:49
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 6 GB (8%) free of 76 GB
Total RAM: 3071 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:34:55, on 18.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\iolo\System Mechanic\SMTrayNotify.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\frajer-smoula.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Ashampoo US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
O2 - BHO: Ashampoo US - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Ashampoo US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-21-156553736-788906822-3014006816-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-156553736-788906822-3014006816-1006\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-156553736-788906822-3014006816-1006\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-156553736-788906822-3014006816-1006\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-156553736-788906822-3014006816-1006\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-156553736-788906822-3014006816-1006\..\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000 (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-156553736-788906822-3014006816-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14111 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
"C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe"
"C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe" /StartService
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe" /StartService
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
WLIDSvcM.exe 2588
"taskhost.exe"
taskeng.exe {DA2DF351-C2C3-44FC-B51F-F07237CF4B21}
"C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe"
"C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe" -boot
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe" /c /a /s UserSession
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\AsScrPro.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\iolo\System Mechanic\SMTrayNotify.exe" SMTN_TRIALEXPIRED:66
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\frajer-smoula\Desktop\sada_A_jaro_2011_TS_20110628MA_Z_DT.pdf"
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Users\frajer-smoula\AppData\Local\Opera\Opera\temporary_downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\AIRecoveryRemind.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegistryBooster.job
C:\Windows\tasks\SlimDrivers Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-09-11 410288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
Ashampoo US Toolbar - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll [2008-12-08 61792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll [2011-07-13 419768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL [2009-11-17 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-11 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-20 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-04-21 1535808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-09-11 410288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-04-21 1000768]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01 1089288]
{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - Ashampoo US Toolbar - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll [2011-01-17 175912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-11 305328]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll [2011-07-13 419768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2010-03-16 1754448]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2011-09-01 2776872]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"fssui"=C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [2008-12-08 453984]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2011-09-01 2776872]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-26 3318784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-26 3318784]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"RegistryBooster"=C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe [2011-10-10 67456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-09-16 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-10-17 13307496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-05-26 15147400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [2010-04-05 370480]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Boingo Wi-Fi"=C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2010-09-16 2429]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-27 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-20 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"iolo Startup"=C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [2011-08-08 606392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="{DLL_Str}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-06-09 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ioloSystemService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2011-11-18 21:34:49 ----D---- C:\rsit
2011-11-18 19:56:45 ----AD---- C:\Windows\rundll16.exe
2011-11-18 19:56:45 ----AD---- C:\Windows\logo1_.exe
2011-11-18 18:57:39 ----D---- C:\Windows\system32\Macromed
2011-11-18 17:01:59 ----AD---- C:\Windows\VDLL.DLL
2011-11-18 17:01:59 ----AD---- C:\Windows\SYSWOW64\runouce.exe
2011-11-18 17:01:59 ----AD---- C:\Windows\RUNDL132.EXE
2011-11-18 17:01:59 ----AD---- C:\Windows\logo_1.exe
2011-11-18 16:56:04 ----A---- C:\Windows\SYSWOW64\msvcr80.dll
2011-11-18 16:56:03 ----A---- C:\Windows\SYSWOW64\msvcp80.dll
2011-11-18 16:56:02 ----A---- C:\Windows\SYSWOW64\eEmpty.exe
2011-11-18 16:55:37 ----D---- C:\ProgramData\MicroWorld
2011-11-17 23:47:56 ----D---- C:\ProgramData\BVRP Software
2011-11-17 23:47:56 ----D---- C:\Program Files (x86)\Motorola Phone Tools
2011-11-17 23:47:17 ----D---- C:\Users\frajer-smoula\AppData\Roaming\InstallShield
2011-11-09 19:12:05 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-09 19:12:04 ----A---- C:\Windows\system32\win32k.sys
2011-11-08 15:33:51 ----D---- C:\Users\frajer-smoula\AppData\Roaming\Unity
2011-11-03 18:17:20 ----A---- C:\Windows\ScUnin.pif
2011-11-03 18:17:20 ----A---- C:\Windows\ScUnin.exe
2011-11-03 18:17:20 ----A---- C:\Windows\scunin.dat
2011-11-03 18:13:51 ----D---- C:\Program Files (x86)\Starcraft
2011-11-03 16:41:13 ----D---- C:\Diablo
2011-11-03 16:32:47 ----A---- C:\Windows\diabunin.exe
2011-11-03 16:32:47 ----A---- C:\Windows\bnetunin.exe
2011-11-03 11:59:48 ----D---- C:\Users\frajer-smoula\AppData\Roaming\Uniblue
2011-11-03 11:59:46 ----HDC---- C:\ProgramData\{9B7C9CD3-9740-4524-855E-ACE12DDD6F6D}
2011-11-03 11:59:46 ----D---- C:\Program Files (x86)\Uniblue
2011-11-03 11:32:54 ----A---- C:\Windows\system32\nvhdap64.dll
2011-11-03 11:32:54 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2011-11-03 11:32:53 ----A---- C:\Windows\system32\nvhdagenco6420102.dll
2011-11-03 11:32:43 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-11-03 11:32:43 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-11-03 11:32:43 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-11-03 11:32:43 ----A---- C:\Windows\system32\OpenCL.dll
2011-11-03 11:32:43 ----A---- C:\Windows\system32\nvoglv64.dll
2011-11-03 11:32:42 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-11-03 11:32:42 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-11-03 11:32:42 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-11-03 11:32:42 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-11-03 11:32:42 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-11-03 11:32:42 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-11-03 11:32:42 ----A---- C:\Windows\system32\nvcuvid.dll
2011-11-03 11:32:42 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-11-03 11:32:42 ----A---- C:\Windows\system32\nvcuda.dll
2011-11-03 11:32:42 ----A---- C:\Windows\system32\nvcompiler.dll
2011-11-03 11:32:42 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-11-03 11:28:23 ----D---- C:\Windows\SYSWOW64\RTCOM
2011-11-03 11:27:44 ----A---- C:\Windows\system32\RtPgEx64.dll
2011-11-03 11:27:44 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2011-11-03 11:27:43 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2011-11-03 11:27:42 ----A---- C:\Windows\system32\RtkCfg64.dll
2011-11-03 11:27:41 ----A---- C:\Windows\system32\RtkAPO64.dll
2011-11-03 11:27:41 ----A---- C:\Windows\system32\RtkApi64.dll
2011-11-03 11:27:41 ----A---- C:\Windows\system32\RTEEP64A.dll
2011-11-03 11:27:41 ----A---- C:\Windows\system32\RTEEL64A.dll
2011-11-03 11:27:41 ----A---- C:\Windows\system32\RTEEG64A.dll
2011-11-03 11:27:41 ----A---- C:\Windows\system32\RTEED64A.dll
2011-11-03 11:27:40 ----A---- C:\Windows\system32\RTCOM64.dll
2011-11-03 11:27:40 ----A---- C:\Windows\system32\RP3DHT64.dll
2011-11-03 11:27:40 ----A---- C:\Windows\system32\RP3DAA64.dll
2011-11-03 11:27:40 ----A---- C:\Windows\system32\RCoInst64.dll
2011-11-03 11:27:40 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2011-11-03 11:27:36 ----A---- C:\Windows\system32\FMAPO64.dll
2011-11-03 11:27:31 ----A---- C:\Windows\system32\AERTAR64.dll
2011-11-03 11:27:31 ----A---- C:\Windows\system32\AERTAC64.dll
2011-10-28 12:27:53 ----RA---- C:\Windows\SYSWOW64\GEARAspi.dll
2011-10-28 12:27:52 ----RA---- C:\Windows\system32\GEARAspi64.dll
2011-10-28 12:27:52 ----RA---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2011-10-28 12:27:49 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2011-10-28 12:27:27 ----D---- C:\Program Files\Symantec
2011-10-28 12:27:27 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-10-28 12:26:22 ----D---- C:\Windows\system32\drivers\N360x64
2011-10-28 12:26:19 ----D---- C:\Program Files (x86)\Norton 360
2011-10-25 14:10:27 ----A---- C:\Windows\game.ini
2011-10-25 14:03:48 ----D---- C:\Program Files (x86)\Activision
2011-10-23 20:52:52 ----D---- C:\Users\frajer-smoula\AppData\Roaming\Auslogics
2011-10-23 20:52:15 ----D---- C:\Program Files (x86)\Auslogics
2011-10-23 18:57:13 ----A---- C:\Windows\system32\drivers\ElRawDsk.sys
2011-10-23 18:52:50 ----A---- C:\Windows\system32\Incinerator64.dll
2011-10-23 18:52:49 ----A---- C:\Windows\SYSWOW64\Incinerator32.dll
2011-10-23 18:52:47 ----A---- C:\Windows\SYSWOW64\offreg.dll
2011-10-23 18:52:47 ----A---- C:\Windows\system32\smrgdf.exe
2011-10-23 18:52:47 ----A---- C:\Windows\system32\offreg.dll
2011-10-23 18:52:47 ----A---- C:\Windows\system32\iolobtdfg.exe
2011-10-23 18:52:46 ----D---- C:\Program Files (x86)\iolo
2011-10-23 18:46:14 ----D---- C:\iolo

======List of files/folders modified in the last 1 month======

2011-11-18 21:34:54 ----D---- C:\Program Files\trend micro
2011-11-18 21:34:52 ----D---- C:\Windows\temp
2011-11-18 19:56:50 ----D---- C:\Windows
2011-11-18 19:31:38 ----D---- C:\Windows\system32\config
2011-11-18 19:10:46 ----D---- C:\ProgramData\Spyware Terminator
2011-11-18 19:10:41 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-11-18 19:05:38 ----D---- C:\Users\frajer-smoula\AppData\Roaming\Skype
2011-11-18 19:05:32 ----D---- C:\Windows\Prefetch
2011-11-18 19:05:29 ----D---- C:\Windows\Minidump
2011-11-18 19:05:29 ----D---- C:\Windows\debug
2011-11-18 18:57:53 ----D---- C:\Windows\system32\Tasks
2011-11-18 18:57:39 ----D---- C:\Windows\System32
2011-11-18 18:55:53 ----D---- C:\Windows\system32\drivers
2011-11-18 18:55:17 ----D---- C:\ProgramData\NVIDIA
2011-11-18 18:53:29 ----SHD---- C:\System Volume Information
2011-11-18 18:51:04 ----D---- C:\Users\frajer-smoula\AppData\Roaming\SoftGrid Client
2011-11-18 17:01:59 ----D---- C:\Windows\SysWOW64
2011-11-18 16:55:56 ----D---- C:\Program Files (x86)\Common Files
2011-11-18 16:55:37 ----D---- C:\ProgramData
2011-11-18 00:42:10 ----D---- C:\Windows\system32\NDF
2011-11-18 00:26:50 ----D---- C:\Windows\inf
2011-11-18 00:26:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-17 23:48:57 ----SHD---- C:\Windows\Installer
2011-11-17 23:48:53 ----D---- C:\Windows\winsxs
2011-11-17 23:47:56 ----RD---- C:\Program Files (x86)
2011-11-17 23:47:56 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-11-15 22:39:06 ----D---- C:\Users\frajer-smoula\AppData\Roaming\vlc
2011-11-15 19:53:24 ----D---- C:\Windows\Microsoft.NET
2011-11-15 19:53:23 ----RSD---- C:\Windows\assembly
2011-11-13 16:26:52 ----D---- C:\Windows\system32\catroot
2011-11-13 16:25:25 ----D---- C:\Users\frajer-smoula\AppData\Roaming\skypePM
2011-11-13 16:25:25 ----D---- C:\ProgramData\Skype Extras
2011-11-11 11:05:18 ----D---- C:\Program Files\Common Files\System
2011-11-11 06:52:33 ----SD---- C:\Users\frajer-smoula\AppData\Roaming\Microsoft
2011-11-10 08:25:02 ----A---- C:\Windows\system32\MRT.exe
2011-11-09 19:11:51 ----D---- C:\Windows\system32\catroot2
2011-11-09 15:56:36 ----D---- C:\Users\frajer-smoula\AppData\Roaming\uTorrent
2011-11-06 13:38:47 ----D---- C:\Users\frajer-smoula\AppData\Roaming\Spyware Terminator
2011-11-03 12:42:49 ----D---- C:\Boot
2011-11-03 12:42:47 ----A---- C:\Windows\system32\AutoRunFilter.ini
2011-11-03 11:59:50 ----D---- C:\Windows\Tasks
2011-11-03 11:42:18 ----A---- C:\Windows\system32\acovcnt.exe
2011-11-03 11:40:39 ----D---- C:\Program Files\Elantech
2011-11-03 11:38:20 ----D---- C:\Windows\system32\DriverStore
2011-11-03 11:37:46 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-11-03 11:29:05 ----HD---- C:\Program Files (x86)\Temp
2011-10-28 12:27:27 ----RD---- C:\Program Files
2011-10-28 12:27:27 ----D---- C:\Program Files\Common Files
2011-10-28 12:26:13 ----D---- C:\ProgramData\NortonInstaller
2011-10-28 12:26:10 ----D---- C:\Program Files (x86)\NortonInstaller
2011-10-25 13:34:08 ----D---- C:\Program Files (x86)\Gothic III
2011-10-24 20:42:03 ----D---- C:\Windows\system32\drivers\UMDF
2011-10-23 23:44:10 ----AD---- C:\ProgramData\Temp
2011-10-23 20:12:03 ----D---- C:\ProgramData\iolo
2011-10-20 21:32:44 ----D---- C:\Program Files (x86)\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-09 244328]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-17 270912]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-11-09 482936]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [2008-12-09 23464]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111117.030\IDSvia64.sys [2011-10-26 488568]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [2010-04-22 505392]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [2010-04-22 32304]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-07-12 88480]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-07-12 46400]
R2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\Windows\nvflsh64.sys [2009-01-07 40992]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-05-23 2750464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-09-01 197416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-10-18 2957544]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111118.004\ENG64.SYS [2011-10-28 117880]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111118.004\EX64.SYS [2011-10-28 2048632]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
R3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclk64.sys [2009-01-06 40480]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2010-03-22 29800]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 760168]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 268648]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 22376]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2011-10-28 173104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys []
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys []
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys []
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-10-11 21712]
S3 Maplom;Maplom; C:\Windows\system32\drivers\Maplom.sys []
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2011-11-18 15672]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-11-10 96896]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R2 ioloSystemService;iolo System Service; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
R2 nTuneService;Performance Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2009-01-06 255008]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-06-08 66872]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2011-07-26 948775]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2011-09-28 1148632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 UpdateCenterService;Update Center Service; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [2009-01-07 169504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 135664]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-16 182768]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-07 1255736]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119510
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: request for a check

#2 Post by Rudy »

Hello!
Please post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.

Feel free to put on some coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the resident antispyware component.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

marty007
Visitor
Posts: 37
Joined: 26 Jul 2011 16:45

Re: request for a check

#3 Post by marty007 »

ComboFix 11-11-18.02 - frajer-smoula 18.11.2011 22:07:48.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.1309 [GMT 1:00]
Spuštěný z: c:\users\frajer-smoula\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-18 do 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 21:23 . 2011-11-18 21:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-18 21:23 . 2011-11-18 21:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-18 21:23 . 2011-11-18 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 20:34 . 2011-11-18 20:35 -------- d-----w- C:\rsit
2011-11-18 18:56 . 2011-11-18 18:56 -------- d---a-w- c:\windows\rundll16.exe
2011-11-18 18:56 . 2011-11-18 18:56 -------- d---a-w- c:\windows\logo1_.exe
2011-11-18 17:57 . 2011-11-18 17:57 -------- d-----w- c:\windows\system32\Macromed
2011-11-18 16:01 . 2011-11-18 16:01 -------- d---a-w- c:\windows\VDLL.DLL
2011-11-18 16:01 . 2011-11-18 16:01 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2011-11-18 16:01 . 2011-11-18 16:01 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-11-18 16:01 . 2011-11-18 16:01 -------- d---a-w- c:\windows\logo_1.exe
2011-11-18 15:56 . 2011-11-18 15:56 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2011-11-18 15:56 . 2011-11-18 15:56 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2011-11-18 15:56 . 2011-11-18 15:56 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2011-11-18 15:55 . 2011-11-18 15:55 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2011-11-18 15:55 . 2011-11-18 15:55 -------- d-----w- c:\programdata\MicroWorld
2011-11-17 22:52 . 2011-11-17 22:52 -------- d-----w- c:\users\frajer-smoula\AppData\Local\BVRP Software
2011-11-17 22:47 . 2011-11-17 22:59 -------- d-----w- c:\programdata\BVRP Software
2011-11-17 22:47 . 2011-11-17 22:49 -------- d-----w- c:\program files (x86)\Motorola Phone Tools
2011-11-17 22:47 . 2011-11-17 22:47 -------- d-----w- c:\users\frajer-smoula\AppData\Roaming\InstallShield
2011-11-09 18:12 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 18:12 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:12 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:12 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:33 . 2011-11-08 14:33 -------- d-----w- c:\users\frajer-smoula\AppData\Roaming\Unity
2011-11-08 13:52 . 2011-11-08 13:52 -------- d-----w- c:\users\frajer-smoula\AppData\Local\Unity
2011-11-03 17:17 . 2011-11-03 17:17 967 ----a-w- c:\windows\ScUnin.pif
2011-11-03 17:17 . 2011-11-03 17:17 94208 ----a-w- c:\windows\ScUnin.exe
2011-11-03 17:13 . 2011-11-03 18:03 -------- d-----w- c:\program files (x86)\Starcraft
2011-11-03 15:41 . 2011-11-03 15:44 -------- d-----w- C:\Diablo
2011-11-03 15:38 . 1998-10-30 15:30 760320 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Diablo\diablo.exe
2011-11-03 15:32 . 2011-11-03 15:44 86528 ----a-w- c:\windows\bnetunin.exe
2011-11-03 15:32 . 2011-11-03 15:44 61440 ----a-w- c:\windows\diabunin.exe
2011-11-03 10:59 . 2011-11-03 10:59 -------- d-----w- c:\users\frajer-smoula\AppData\Roaming\Uniblue
2011-11-03 10:59 . 2011-11-03 10:59 -------- dc-h--w- c:\programdata\{9B7C9CD3-9740-4524-855E-ACE12DDD6F6D}
2011-11-03 10:59 . 2011-11-03 10:59 -------- d-----w- c:\program files (x86)\Uniblue
2011-11-03 10:59 . 2011-11-03 10:59 -------- d-----w- c:\users\frajer-smoula\AppData\Local\PackageAware
2011-11-03 10:28 . 2011-11-03 10:28 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-10-28 11:27 . 2008-04-17 21:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll
2011-10-28 11:27 . 2009-05-18 22:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-28 11:27 . 2008-04-17 21:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2011-10-28 11:27 . 2011-10-28 11:27 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-10-28 11:27 . 2011-10-28 11:27 -------- d-----w- c:\program files\Symantec
2011-10-28 11:27 . 2011-10-28 11:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-10-28 11:26 . 2011-11-04 08:22 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-10-28 11:26 . 2011-10-28 11:26 -------- d-----w- c:\program files (x86)\Norton 360
2011-10-25 13:03 . 2011-10-25 13:03 -------- d-----w- c:\program files (x86)\Activision
2011-10-23 19:52 . 2011-10-23 19:55 -------- d-----w- c:\users\frajer-smoula\AppData\Roaming\Auslogics
2011-10-23 19:52 . 2011-10-23 19:52 -------- d-----w- c:\program files (x86)\Auslogics
2011-10-23 17:57 . 2008-12-09 08:59 23464 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2011-10-23 17:52 . 2011-08-08 12:18 2141832 ----a-w- c:\windows\system32\Incinerator64.dll
2011-10-23 17:52 . 2011-08-08 12:18 2083464 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2011-10-23 17:52 . 2011-08-08 13:01 14848 ----a-w- c:\windows\system32\smrgdf.exe
2011-10-23 17:52 . 2011-08-08 13:01 45568 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-10-23 17:52 . 2010-02-08 21:36 69000 ----a-w- c:\windows\system32\offreg.dll
2011-10-23 17:52 . 2010-02-08 20:59 56200 ----a-w- c:\windows\SysWow64\offreg.dll
2011-10-23 17:52 . 2011-10-23 17:52 -------- d-----w- c:\program files (x86)\iolo
2011-10-23 17:46 . 2011-10-23 17:46 -------- d-----w- C:\iolo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 22:29 . 2011-10-11 20:41 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-11-18 17:57 . 2011-06-07 14:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-18 16:07 . 2011-11-18 16:05 17445963 ----a-w- c:\windows\REGBK00.ZIP
2011-11-03 10:42 . 2011-06-18 19:51 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-10-15 08:53 . 2011-08-10 06:58 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-08-10 06:58 539456 ----a-w- c:\windows\system32\nvhotkey.dll
2011-10-15 08:53 . 2011-08-10 06:58 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-08-10 06:58 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-08-10 06:58 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-08-10 06:58 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-08-10 06:58 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-08-10 06:58 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-08-10 06:56 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-08-10 06:56 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2009-12-10 23:15 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2009-12-10 23:15 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2009-12-10 23:15 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-14 23:54 . 2011-10-14 23:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-11 20:09 . 2011-10-11 20:09 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-10-10 22:27 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-10 22:27 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-21 07:00 . 2011-10-09 11:37 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E4D797E-AB26-4CAA-A09C-1F716F0B9460}\mpengine.dll
2011-09-17 07:54 . 2011-09-17 07:54 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-01 05:24 . 2011-10-16 23:27 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-16 23:27 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-16 23:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-16 23:27 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-16 23:27 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-16 23:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-01 01:02 . 2011-09-01 01:02 197416 ----a-w- c:\windows\system32\drivers\ETD.sys
2011-08-31 17:12 . 2010-09-16 19:25 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-27 05:37 . 2011-10-16 19:25 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-16 19:25 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-16 19:25 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-16 19:25 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2003-05-23 13:56 . 2011-06-25 22:40 41472 ------w- c:\program files (x86)\DrvMgt.dll
2003-05-23 13:56 . 2011-06-25 22:40 12400 ------w- c:\program files (x86)\SECDRV.SYS
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Ashampoo_US\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-26 3318784]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-10-10 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-16 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-9-16 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-16 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 135664]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-10-11 21712]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111117.030\IDSvia64.sys [2011-10-26 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2011-09-28 1148632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-26 c:\windows\Tasks\AIRecoveryRemind.job
- c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2009-09-11 01:08]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 19:09]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 19:09]
.
2011-11-18 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-11-03 10:18]
.
2011-11-18 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2011-09-07 09:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2011-09-01 2776872]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-26 3318784]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: Crawler Search - tbr:iemenu
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:70,aa,44,a9,d2,60,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Celkový čas: 2011-11-18 23:51:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-18 22:51
.
Před spuštěním: 6 234 615 808
Po spuštění: 6 478 290 944
.
- - End Of File - - C90710FE41A0AEA0A1268279C7EB5668

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check

#4 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
Folder::
c:\program files (x86)\ConduitEngine

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

marty007
Visitor
Posts: 37
Registered: 26 Jul 2011 16:45

Re: please check

#5 Post by marty007 »

ComboFix 11-11-18.02 - frajer-smoula 19.11.2011 11:48:37.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.1429 [GMT 1:00]
Spuštěný z: c:\users\frajer-smoula\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\frajer-smoula\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\toolbar.cfg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-19 do 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 11:05 . 2011-11-19 11:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-19 11:05 . 2011-11-19 11:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-19 11:05 . 2011-11-19 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 20:34 . 2011-11-18 20:35 -------- d-----w- C:\rsit
2011-11-18 18:56 . 2011-11-18 18:56 -------- d---a-w- c:\windows\rundll16.exe
2011-11-18 18:56 . 2011-11-18 18:56 -------- d---a-w- c:\windows\logo1_.exe
2011-11-18 17:57 . 2011-11-18 17:57 -------- d-----w- c:\windows\system32\Macromed
2011-11-18 16:01 . 2011-11-18 16:01 -------- d---a-w- c:\windows\VDLL.DLL
2011-11-18 16:01 . 2011-11-18 16:01 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2011-11-18 16:01 . 2011-11-18 16:01 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-11-18 16:01 . 2011-11-18 16:01 -------- d---a-w- c:\windows\logo_1.exe
2011-11-18 15:56 . 2011-11-18 15:56 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2011-11-18 15:56 . 2011-11-18 15:56 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2011-11-18 15:56 . 2011-11-18 15:56 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2011-11-18 15:55 . 2011-11-18 15:55 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2011-11-18 15:55 . 2011-11-18 15:55 -------- d-----w- c:\programdata\MicroWorld
2011-11-17 22:52 . 2011-11-17 22:52 -------- d-----w- c:\users\frajer-smoula\AppData\Local\BVRP Software
2011-11-17 22:47 . 2011-11-17 22:59 -------- d-----w- c:\programdata\BVRP Software
2011-11-17 22:47 . 2011-11-17 22:49 -------- d-----w- c:\program files (x86)\Motorola Phone Tools
2011-11-17 22:47 . 2011-11-17 22:47 -------- d-----w- c:\users\frajer-smoula\AppData\Roaming\InstallShield
2011-11-09 18:12 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 18:12 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:12 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:12 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:33 . 2011-11-08 14:33 -------- d-----w- c:\users\frajer-smoula\AppData\Roaming\Unity
2011-11-08 13:52 . 2011-11-08 13:52 -------- d-----w- c:\users\frajer-smoula\AppData\Local\Unity
2011-11-03 17:17 . 2011-11-03 17:17 967 ----a-w- c:\windows\ScUnin.pif
2011-11-03 17:17 . 2011-11-03 17:17 94208 ----a-w- c:\windows\ScUnin.exe
2011-11-03 17:13 . 2011-11-03 18:03 -------- d-----w- c:\program files (x86)\Starcraft
2011-11-03 15:41 . 2011-11-03 15:44 -------- d-----w- C:\Diablo
2011-11-03 15:38 . 1998-10-30 15:30 760320 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Diablo\diablo.exe
2011-11-03 15:32 . 2011-11-03 15:44 86528 ----a-w- c:\windows\bnetunin.exe
2011-11-03 15:32 . 2011-11-03 15:44 61440 ----a-w- c:\windows\diabunin.exe
2011-11-03 10:59 . 2011-11-03 10:59 -------- d-----w- c:\users\frajer-smoula\AppData\Roaming\Uniblue
2011-11-03 10:59 . 2011-11-03 10:59 -------- dc-h--w- c:\programdata\{9B7C9CD3-9740-4524-855E-ACE12DDD6F6D}
2011-11-03 10:59 . 2011-11-03 10:59 -------- d-----w- c:\program files (x86)\Uniblue
2011-11-03 10:59 . 2011-11-03 10:59 -------- d-----w- c:\users\frajer-smoula\AppData\Local\PackageAware
2011-11-03 10:28 . 2011-11-03 10:28 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-10-28 11:27 . 2008-04-17 21:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll
2011-10-28 11:27 . 2009-05-18 22:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-28 11:27 . 2008-04-17 21:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2011-10-28 11:27 . 2011-10-28 11:27 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-10-28 11:27 . 2011-10-28 11:27 -------- d-----w- c:\program files\Symantec
2011-10-28 11:27 . 2011-10-28 11:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-10-28 11:26 . 2011-11-04 08:22 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-10-28 11:26 . 2011-10-28 11:26 -------- d-----w- c:\program files (x86)\Norton 360
2011-10-25 13:03 . 2011-10-25 13:03 -------- d-----w- c:\program files (x86)\Activision
2011-10-23 19:52 . 2011-10-23 19:55 -------- d-----w- c:\users\frajer-smoula\AppData\Roaming\Auslogics
2011-10-23 19:52 . 2011-10-23 19:52 -------- d-----w- c:\program files (x86)\Auslogics
2011-10-23 17:57 . 2008-12-09 08:59 23464 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2011-10-23 17:52 . 2011-08-08 12:18 2141832 ----a-w- c:\windows\system32\Incinerator64.dll
2011-10-23 17:52 . 2011-08-08 12:18 2083464 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2011-10-23 17:52 . 2011-08-08 13:01 14848 ----a-w- c:\windows\system32\smrgdf.exe
2011-10-23 17:52 . 2011-08-08 13:01 45568 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-10-23 17:52 . 2010-02-08 21:36 69000 ----a-w- c:\windows\system32\offreg.dll
2011-10-23 17:52 . 2010-02-08 20:59 56200 ----a-w- c:\windows\SysWow64\offreg.dll
2011-10-23 17:52 . 2011-10-23 17:52 -------- d-----w- c:\program files (x86)\iolo
2011-10-23 17:46 . 2011-10-23 17:46 -------- d-----w- C:\iolo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 11:08 . 2011-10-11 20:41 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-11-18 17:57 . 2011-06-07 14:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-18 16:07 . 2011-11-18 16:05 17445963 ----a-w- c:\windows\REGBK00.ZIP
2011-11-03 10:42 . 2011-06-18 19:51 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-10-15 08:53 . 2011-08-10 06:58 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-08-10 06:58 539456 ----a-w- c:\windows\system32\nvhotkey.dll
2011-10-15 08:53 . 2011-08-10 06:58 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-08-10 06:58 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-08-10 06:58 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-08-10 06:58 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-08-10 06:58 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-08-10 06:58 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-08-10 06:56 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-08-10 06:56 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2009-12-10 23:15 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2009-12-10 23:15 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2009-12-10 23:15 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-14 23:54 . 2011-10-14 23:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-11 20:09 . 2011-10-11 20:09 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-10-10 22:27 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-10 22:27 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-21 07:00 . 2011-10-09 11:37 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E4D797E-AB26-4CAA-A09C-1F716F0B9460}\mpengine.dll
2011-09-17 07:54 . 2011-09-17 07:54 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-01 05:24 . 2011-10-16 23:27 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-16 23:27 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-16 23:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-16 23:27 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-16 23:27 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-16 23:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-01 01:02 . 2011-09-01 01:02 197416 ----a-w- c:\windows\system32\drivers\ETD.sys
2011-08-31 17:12 . 2010-09-16 19:25 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-27 05:37 . 2011-10-16 19:25 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-16 19:25 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-16 19:25 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-16 19:25 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2003-05-23 13:56 . 2011-06-25 22:40 41472 ------w- c:\program files (x86)\DrvMgt.dll
2003-05-23 13:56 . 2011-06-25 22:40 12400 ------w- c:\program files (x86)\SECDRV.SYS
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-18_22.30.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-19 11:06 . 2011-11-19 11:06 13384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-11-18 21:25 . 2011-11-18 21:25 13384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2011-11-19 11:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-18 21:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-18 21:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-19 11:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-16 19:19 . 2011-11-19 11:10 52588 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-19 11:10 47536 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-07 09:41 47536 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-06 05:34 . 2011-11-19 11:10 16588 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-156553736-788906822-3014006816-1001_UserData.bin
+ 2011-11-19 11:07 . 2011-11-19 11:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-18 21:26 . 2011-11-18 21:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-18 21:26 . 2011-11-18 21:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-19 11:07 . 2011-11-19 11:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-11-18 21:42 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-19 11:07 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2011-11-18 21:24 229036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-19 11:06 229036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-09 08:55 . 2011-11-19 11:06 3648448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-156553736-788906822-3014006816-1001-8192.dat
- 2011-06-09 08:55 . 2011-11-18 21:24 3648448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-156553736-788906822-3014006816-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Ashampoo_US\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-26 3318784]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-10-10 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-16 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-9-16 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-16 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 135664]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-10-11 21712]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111118.030\IDSvia64.sys [2011-10-26 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2011-09-28 1148632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-26 c:\windows\Tasks\AIRecoveryRemind.job
- c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2009-09-11 01:08]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 19:09]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 19:09]
.
2011-11-19 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-11-03 10:18]
.
2011-11-19 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2011-09-07 09:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2011-09-01 2776872]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-26 3318784]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: Crawler Search - tbr:iemenu
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:70,aa,44,a9,d2,60,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2011-11-19 12:31:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-19 11:30
ComboFix2.txt 2011-11-18 22:51
.
Před spuštěním: 6 608 056 320
Po spuštění: 6 450 253 824
.
- - End Of File - - 1B853D9A04F421C3269C2D857F574186

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check

#6 Post by Rudy »

The log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

marty007
Visitor
Posts: 37
Registered: 26 Jul 2011 16:45

Re: please check

#7 Post by marty007 »

Should I do anything else? Otherwise, thank you for the help :)

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check

#8 Post by Rudy »

Rudy wrote: The log now looks clean.
If there is no other problem, that is all. You're welcome!

marty007
Visitor
Posts: 37
Registered: 26 Jul 2011 16:45

Re: please check

#9 Post by marty007 »

So I'm asking for help once more. The PC runs completely fine, but I tried MWAV (eScan Anti Virus & Spyware Toolkit Utility) once again and it found this:

Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Trust Fighter Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "cws.tapicfg Browser Hijacker" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "AntivirusPro 2009 Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Trust Fighter Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Trust Fighter Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "DealHelper.com Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "CyberSitter Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\avsniff.dll". Provedené akce: Ponecháno, neodstraněno!.

Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\avsniffdlgs.dll". Provedené akce: Ponecháno, neodstraněno!.

Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\ecmldr32.dll". Provedené akce: Ponecháno, neodstraněno!.

Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\gp.ocx". Provedené akce: Ponecháno, neodstraněno!.

Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\navapi.vxd". Provedené akce: Ponecháno, neodstraněno!.

Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\navapi32.dll". Provedené akce: Ponecháno, neodstraněno!.

Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\rufsi.dll". Provedené akce: Ponecháno, neodstraněno!.

Soubor C:\eSupport\eDriver\Software\Camera\AZUREWAVE\AM-VB008\32\PXIINST32\REMOVE.EXE je infikovaný virem Gen:Malware.Heur.em0@by1YoTab (DB) !! Provedené akce: Ponecháno, neodstraněno!.

Soubor C:\eSupport\eDriver\Software\Camera\AZUREWAVE\AM-VB008\64\PXIINST32\REMOVE.EXE je infikovaný virem Gen:Malware.Heur.em0@by1YoTab (DB) !! Provedené akce: Ponecháno, neodstraněno!.

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check

#10 Post by Rudy »

These are now only harmless remnants of a previously cleaned infection and invalid keys. Nothing dangerous.