Náhlé zpomalení počítače

Zpráva

paveljurasek · #1 Příspěvek od **paveljurasek** » 01 kvě 2012 16:36

Zdravím,
řeším náhlé radikální zpomalení jednoho počítače, které nastalo asi před 2 dny. Zpočátku funguje normálně, ale čím déle běží, tím je pomalejší. Jde sice o slabší sestavu, ale předtím problémy nebyly. RSIT jsem nechal proběhnout pod nouzovým režimem.
Díky za pomoc při řešení tohoto problému

Logfile of random's system information tool 1.09 (written by random/random)
Run by veronika at 2012-05-01 17:27:25
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 377 GB (79%) free of 477 GB
Total RAM: 2031 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:28:03, on 1.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskmgr.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\Downloads\RSIT.exe
C:\Program Files\trend micro\veronika.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\veronika\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\veronika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5364 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2898320761-3330930560-2781258817-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2898320761-3330930560-2781258817-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2898320761-3330930560-2781258817-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2898320761-3330930560-2781258817-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "QipCounter@qip.ru:1.0, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2, {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "http://www.basicscan.com/?tmp=nemo_resu ... &keywords="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.5]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 8\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox 4.0 Beta 8\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\
np32dsw.dll
npdeployJava1.dll
npnul32.dll
nppdf32.dll
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox 4.0 Beta 8\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{a95d8332-e4b4-6e7f-98ac-20b733364387}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\searchplugins\
qip-search.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-05 7703072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-10-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-10-25 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-10-25 150552]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\veronika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 137536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\veronika\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files\Zrychleni Pocitace\PCSpeedUp.lnk []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-12-25 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-07-11 74752]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-10-25 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-01 17:27:26 ----D---- C:\Program Files\trend micro
2012-05-01 17:27:25 ----D---- C:\rsit
2012-05-01 17:25:39 ----A---- C:\Windows\ntbtlog.txt
2012-05-01 14:22:58 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-05-01 13:59:22 ----D---- C:\Program Files\CCleaner
2012-04-11 10:38:35 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-11 10:38:34 ----A---- C:\Windows\system32\iertutil.dll
2012-04-11 10:38:33 ----A---- C:\Windows\system32\jscript9.dll
2012-04-11 10:38:33 ----A---- C:\Windows\system32\jscript.dll
2012-04-11 10:38:31 ----A---- C:\Windows\system32\wininet.dll
2012-04-11 10:38:31 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-11 10:38:30 ----A---- C:\Windows\system32\url.dll
2012-04-11 10:38:29 ----A---- C:\Windows\system32\ieui.dll
2012-04-11 10:38:28 ----A---- C:\Windows\system32\urlmon.dll
2012-04-11 10:38:25 ----A---- C:\Windows\system32\ieframe.dll
2012-04-11 10:38:22 ----A---- C:\Windows\system32\mshtml.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\wmi.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\wintrust.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 10:33:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-11 10:33:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-07 19:47:21 ----D---- C:\ProgramData\Windows App Certification Kit
2012-04-07 19:47:20 ----D---- C:\Program Files\Application Verifier
2012-04-07 19:39:10 ----D---- C:\Program Files\Common Files\Microsoft
2012-04-07 19:36:45 ----D---- C:\Program Files\Windows Kits
2012-04-07 19:36:14 ----D---- C:\ProgramData\PreEmptive Solutions
2012-04-07 19:27:40 ----D---- C:\Program Files\Microsoft ASP.NET
2012-04-07 19:26:05 ----D---- C:\Program Files\Microsoft Web Tooling Extensions
2012-04-07 19:25:34 ----D---- C:\Program Files\Microsoft
2012-04-07 19:24:47 ----D---- C:\Program Files\IIS Express
2012-04-07 19:23:41 ----D---- C:\Program Files\IIS
2012-04-07 19:14:24 ----D---- C:\Program Files\Microsoft Expression
2012-04-07 18:53:31 ----D---- C:\Program Files\HTML Help Workshop
2012-04-07 18:36:30 ----D---- C:\Windows\symbols
2012-04-07 18:36:26 ----D---- C:\Program Files\Common Files\Merge Modules
2012-04-07 18:35:38 ----D---- C:\Program Files\Microsoft Visual Studio 11.0
2012-04-07 18:20:35 ----D---- C:\ProgramData\Package Cache

======List of files/folders modified in the last 1 month======

2012-05-01 17:27:26 ----RD---- C:\Program Files
2012-05-01 17:27:17 ----D---- C:\Windows\Temp
2012-05-01 17:25:39 ----D---- C:\Windows
2012-05-01 17:21:05 ----D---- C:\Windows\Prefetch
2012-05-01 17:01:17 ----D---- C:\Windows\System32
2012-05-01 17:01:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-01 17:01:16 ----D---- C:\Windows\inf
2012-05-01 15:49:36 ----D---- C:\Users\veronika\AppData\Roaming\Winamp
2012-05-01 14:29:20 ----D---- C:\Windows\SoftwareDistribution
2012-05-01 14:12:38 ----D---- C:\5c4747f347ce65eaf21200a4f4
2012-05-01 14:03:13 ----D---- C:\Windows\system32\LogFiles
2012-05-01 14:03:13 ----D---- C:\Windows\Panther
2012-05-01 14:03:11 ----D---- C:\Windows\Minidump
2012-05-01 14:03:11 ----D---- C:\Windows\Logs
2012-05-01 14:03:11 ----D---- C:\Windows\debug
2012-05-01 13:19:06 ----SHD---- C:\Windows\Installer
2012-05-01 13:19:04 ----HD---- C:\ProgramData
2012-05-01 13:16:22 ----SHD---- C:\System Volume Information
2012-04-29 21:22:14 ----D---- C:\Windows\system32\config
2012-04-27 20:49:39 ----D---- C:\Users\veronika\AppData\Roaming\Adobe
2012-04-27 20:48:18 ----D---- C:\ProgramData\Adobe
2012-04-26 20:32:05 ----D---- C:\Windows\system32\catroot2
2012-04-21 18:18:12 ----SD---- C:\Users\veronika\AppData\Roaming\Microsoft
2012-04-12 19:38:08 ----D---- C:\Windows\system32\NDF
2012-04-12 09:42:21 ----D---- C:\Windows\Microsoft.NET
2012-04-12 09:35:51 ----RSD---- C:\Windows\assembly
2012-04-11 18:59:16 ----D---- C:\Windows\winsxs
2012-04-11 18:58:06 ----D---- C:\Windows\system32\migration
2012-04-11 18:58:05 ----D---- C:\Program Files\Internet Explorer
2012-04-11 18:58:04 ----D---- C:\Windows\system32\drivers
2012-04-11 10:39:41 ----D---- C:\ProgramData\Microsoft Help
2012-04-11 10:38:50 ----D---- C:\Windows\system32\catroot
2012-04-11 10:34:15 ----A---- C:\Windows\system32\MRT.exe
2012-04-11 07:51:55 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 8
2012-04-08 12:59:37 ----D---- C:\Program Files\Microsoft Silverlight
2012-04-07 20:30:11 ----D---- C:\Windows\system32\Tasks
2012-04-07 20:01:08 ----SD---- C:\ProgramData\Microsoft
2012-04-07 19:57:39 ----D---- C:\Program Files\Microsoft SDKs
2012-04-07 19:50:34 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-04-07 19:39:10 ----D---- C:\Program Files\Common Files
2012-04-07 19:34:50 ----D---- C:\Program Files\MSBuild
2012-04-07 19:22:04 ----D---- C:\Program Files\Common Files\microsoft shared
2012-04-07 19:14:51 ----RSD---- C:\Windows\Fonts
2012-04-07 19:05:29 ----D---- C:\Windows\system32\1033
2012-04-07 18:51:33 ----D---- C:\Program Files\Microsoft Help Viewer
2012-04-07 18:43:55 ----D---- C:\Program Files\Microsoft SQL Server
2012-04-07 18:31:05 ----D---- C:\Users\veronika\AppData\Roaming\Skype
2012-04-07 18:25:43 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
S1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\Windows\system32\Drivers\eusk2par.sys [2006-12-13 30656]
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-10-25 4807168]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-05 2745760]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VSPerfDrv110;Performance Tools Driver 11.0; \??\C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [2011-12-12 54112]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-12-10 95584]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-01-30 45640]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 138240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-12-25 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-11 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 01 kvě 2012 16:55

Také zdravím!
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Users\veronika\AppData\Local\Facebook\Update
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2898320761-3330930560-2781258817-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2898320761-3330930560-2781258817-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2898320761-3330930560-2781258817-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2898320761-3330930560-2781258817-1000UA.job
C:\Program Files\SweetIM

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

paveljurasek · #3 Příspěvek od **paveljurasek** » 02 kvě 2012 16:04

Logfile of random's system information tool 1.09 (written by random/random)
Run by veronika at 2012-05-02 16:45:24
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 381 GB (80%) free of 477 GB
Total RAM: 2031 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:46:35, on 2.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\Downloads\RSIT (1).exe
C:\Program Files\trend micro\veronika.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\veronika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5732 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "QipCounter@qip.ru:1.0, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2, {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "http://www.basicscan.com/?tmp=nemo_resu ... &keywords="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.5]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 8\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox 4.0 Beta 8\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\
np32dsw.dll
npdeployJava1.dll
npnul32.dll
nppdf32.dll
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox 4.0 Beta 8\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{a95d8332-e4b4-6e7f-98ac-20b733364387}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\searchplugins\
qip-search.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-05 7703072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-10-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-10-25 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-10-25 150552]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\veronika\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files\Zrychleni Pocitace\PCSpeedUp.lnk []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-07-11 74752]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-10-25 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-02 16:39:38 ----D---- C:\_OTM
2012-05-01 18:34:18 ----A---- C:\Windows\avastSS.scr
2012-05-01 18:32:21 ----A---- C:\Windows\system32\aswBoot.exe
2012-05-01 18:29:25 ----D---- C:\ProgramData\AVAST Software
2012-05-01 18:29:25 ----D---- C:\Program Files\AVAST Software
2012-05-01 17:27:26 ----D---- C:\Program Files\trend micro
2012-05-01 17:27:25 ----D---- C:\rsit
2012-05-01 17:25:39 ----A---- C:\Windows\ntbtlog.txt
2012-05-01 14:22:58 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-05-01 13:59:22 ----D---- C:\Program Files\CCleaner
2012-04-11 10:38:35 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-11 10:38:34 ----A---- C:\Windows\system32\iertutil.dll
2012-04-11 10:38:33 ----A---- C:\Windows\system32\jscript9.dll
2012-04-11 10:38:33 ----A---- C:\Windows\system32\jscript.dll
2012-04-11 10:38:31 ----A---- C:\Windows\system32\wininet.dll
2012-04-11 10:38:31 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-11 10:38:30 ----A---- C:\Windows\system32\url.dll
2012-04-11 10:38:29 ----A---- C:\Windows\system32\ieui.dll
2012-04-11 10:38:28 ----A---- C:\Windows\system32\urlmon.dll
2012-04-11 10:38:25 ----A---- C:\Windows\system32\ieframe.dll
2012-04-11 10:38:22 ----A---- C:\Windows\system32\mshtml.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\wmi.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\wintrust.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 10:33:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-11 10:33:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-07 19:47:21 ----D---- C:\ProgramData\Windows App Certification Kit
2012-04-07 19:47:20 ----D---- C:\Program Files\Application Verifier
2012-04-07 19:39:10 ----D---- C:\Program Files\Common Files\Microsoft
2012-04-07 19:36:45 ----D---- C:\Program Files\Windows Kits
2012-04-07 19:36:14 ----D---- C:\ProgramData\PreEmptive Solutions
2012-04-07 19:27:40 ----D---- C:\Program Files\Microsoft ASP.NET
2012-04-07 19:26:05 ----D---- C:\Program Files\Microsoft Web Tooling Extensions
2012-04-07 19:25:34 ----D---- C:\Program Files\Microsoft
2012-04-07 19:24:47 ----D---- C:\Program Files\IIS Express
2012-04-07 19:23:41 ----D---- C:\Program Files\IIS
2012-04-07 19:14:24 ----D---- C:\Program Files\Microsoft Expression
2012-04-07 18:53:31 ----D---- C:\Program Files\HTML Help Workshop
2012-04-07 18:36:30 ----D---- C:\Windows\symbols
2012-04-07 18:36:26 ----D---- C:\Program Files\Common Files\Merge Modules
2012-04-07 18:35:38 ----D---- C:\Program Files\Microsoft Visual Studio 11.0
2012-04-07 18:20:35 ----D---- C:\ProgramData\Package Cache

======List of files/folders modified in the last 1 month======

2012-05-02 16:45:30 ----D---- C:\Windows\Prefetch
2012-05-02 16:45:19 ----D---- C:\Windows\System32
2012-05-02 16:45:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-02 16:45:18 ----D---- C:\Windows\inf
2012-05-02 16:44:36 ----D---- C:\Windows\Temp
2012-05-02 16:39:49 ----D---- C:\Windows
2012-05-02 16:39:40 ----D---- C:\Windows\Tasks
2012-05-02 16:38:16 ----D---- C:\Windows\system32\LogFiles
2012-05-01 18:29:29 ----SHD---- C:\System Volume Information
2012-05-01 18:29:25 ----RD---- C:\Program Files
2012-05-01 18:29:25 ----HD---- C:\ProgramData
2012-05-01 15:49:36 ----D---- C:\Users\veronika\AppData\Roaming\Winamp
2012-05-01 14:29:20 ----D---- C:\Windows\SoftwareDistribution
2012-05-01 14:12:38 ----D---- C:\5c4747f347ce65eaf21200a4f4
2012-05-01 14:03:13 ----D---- C:\Windows\Panther
2012-05-01 14:03:11 ----D---- C:\Windows\Minidump
2012-05-01 14:03:11 ----D---- C:\Windows\Logs
2012-05-01 14:03:11 ----D---- C:\Windows\debug
2012-05-01 13:19:06 ----SHD---- C:\Windows\Installer
2012-04-29 21:22:14 ----D---- C:\Windows\system32\config
2012-04-27 20:49:39 ----D---- C:\Users\veronika\AppData\Roaming\Adobe
2012-04-27 20:49:39 ----D---- C:\ProgramData\Adobe
2012-04-26 20:32:05 ----D---- C:\Windows\system32\catroot2
2012-04-21 18:18:12 ----SD---- C:\Users\veronika\AppData\Roaming\Microsoft
2012-04-12 19:38:08 ----D---- C:\Windows\system32\NDF
2012-04-12 09:42:21 ----D---- C:\Windows\Microsoft.NET
2012-04-12 09:35:51 ----RSD---- C:\Windows\assembly
2012-04-11 18:59:16 ----D---- C:\Windows\winsxs
2012-04-11 18:58:06 ----D---- C:\Windows\system32\migration
2012-04-11 18:58:05 ----D---- C:\Program Files\Internet Explorer
2012-04-11 18:58:04 ----D---- C:\Windows\system32\drivers
2012-04-11 10:39:41 ----D---- C:\ProgramData\Microsoft Help
2012-04-11 10:38:50 ----D---- C:\Windows\system32\catroot
2012-04-11 10:34:15 ----A---- C:\Windows\system32\MRT.exe
2012-04-11 07:51:55 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 8
2012-04-08 12:59:37 ----D---- C:\Program Files\Microsoft Silverlight
2012-04-07 20:30:11 ----D---- C:\Windows\system32\Tasks
2012-04-07 20:01:08 ----SD---- C:\ProgramData\Microsoft
2012-04-07 19:57:39 ----D---- C:\Program Files\Microsoft SDKs
2012-04-07 19:50:34 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-04-07 19:39:10 ----D---- C:\Program Files\Common Files
2012-04-07 19:34:50 ----D---- C:\Program Files\MSBuild
2012-04-07 19:22:04 ----D---- C:\Program Files\Common Files\microsoft shared
2012-04-07 19:14:51 ----RSD---- C:\Windows\Fonts
2012-04-07 19:05:29 ----D---- C:\Windows\system32\1033
2012-04-07 18:51:33 ----D---- C:\Program Files\Microsoft Help Viewer
2012-04-07 18:43:55 ----D---- C:\Program Files\Microsoft SQL Server
2012-04-07 18:31:05 ----D---- C:\Users\veronika\AppData\Roaming\Skype
2012-04-07 18:25:43 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\Windows\system32\Drivers\eusk2par.sys [2006-12-13 30656]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-10-25 4807168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-05 2745760]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VSPerfDrv110;Performance Tools Driver 11.0; \??\C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [2011-12-12 54112]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-12-10 95584]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-01-30 45640]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 138240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-12-25 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-11 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

Po scanu z RSIT opět zásek

#4 Příspěvek od **Rudy** » 02 kvě 2012 16:45

Dvouklikem na soubor C:\Program Files\trend micro\veronika.exe spusťte HiajckThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Klikněte na >FixChecked< a restartujte PC.

paveljurasek · #5 Příspěvek od **paveljurasek** » 03 kvě 2012 20:34

Kód: Vybrat vše

Logfile of random's system information tool 1.09 (written by random/random)
Run by veronika at 2012-05-03 16:46:56
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 380 GB (80%) free of 477 GB
Total RAM: 2031 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:48:09, on 3.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\veronika\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\veronika\Downloads\RSIT (2).exe
C:\Program Files\trend micro\veronika.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\veronika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4992 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default

prefs.js - "browser.startup.homepage" -  "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" -  "QipCounter@qip.ru:1.0, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2, {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" -  "http://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.5]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 8\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox 4.0 Beta 8\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\
np32dsw.dll
npdeployJava1.dll
npnul32.dll
nppdf32.dll
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox 4.0 Beta 8\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{a95d8332-e4b4-6e7f-98ac-20b733364387}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\searchplugins\
qip-search.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-05 7703072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-10-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-10-25 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-10-25 150552]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\veronika\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files\Zrychleni Pocitace\PCSpeedUp.lnk []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-07-11 74752]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-10-25 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-03 15:40:36 ----D---- C:\Users\veronika\AppData\Roaming\.minecraft
2012-05-02 16:39:38 ----D---- C:\_OTM
2012-05-01 18:34:18 ----A---- C:\Windows\avastSS.scr
2012-05-01 18:32:21 ----A---- C:\Windows\system32\aswBoot.exe
2012-05-01 18:29:25 ----D---- C:\ProgramData\AVAST Software
2012-05-01 18:29:25 ----D---- C:\Program Files\AVAST Software
2012-05-01 17:27:26 ----D---- C:\Program Files\trend micro
2012-05-01 17:27:25 ----D---- C:\rsit
2012-05-01 17:25:39 ----A---- C:\Windows\ntbtlog.txt
2012-05-01 14:22:58 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-05-01 13:59:22 ----D---- C:\Program Files\CCleaner
2012-04-11 10:38:35 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-11 10:38:34 ----A---- C:\Windows\system32\iertutil.dll
2012-04-11 10:38:33 ----A---- C:\Windows\system32\jscript9.dll
2012-04-11 10:38:33 ----A---- C:\Windows\system32\jscript.dll
2012-04-11 10:38:31 ----A---- C:\Windows\system32\wininet.dll
2012-04-11 10:38:31 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-11 10:38:30 ----A---- C:\Windows\system32\url.dll
2012-04-11 10:38:29 ----A---- C:\Windows\system32\ieui.dll
2012-04-11 10:38:28 ----A---- C:\Windows\system32\urlmon.dll
2012-04-11 10:38:25 ----A---- C:\Windows\system32\ieframe.dll
2012-04-11 10:38:22 ----A---- C:\Windows\system32\mshtml.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\wmi.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\wintrust.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-11 10:33:59 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 10:33:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-11 10:33:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-07 19:47:21 ----D---- C:\ProgramData\Windows App Certification Kit
2012-04-07 19:47:20 ----D---- C:\Program Files\Application Verifier
2012-04-07 19:39:10 ----D---- C:\Program Files\Common Files\Microsoft
2012-04-07 19:36:45 ----D---- C:\Program Files\Windows Kits
2012-04-07 19:36:14 ----D---- C:\ProgramData\PreEmptive Solutions
2012-04-07 19:27:40 ----D---- C:\Program Files\Microsoft ASP.NET
2012-04-07 19:26:05 ----D---- C:\Program Files\Microsoft Web Tooling Extensions
2012-04-07 19:25:34 ----D---- C:\Program Files\Microsoft
2012-04-07 19:24:47 ----D---- C:\Program Files\IIS Express
2012-04-07 19:23:41 ----D---- C:\Program Files\IIS
2012-04-07 19:14:24 ----D---- C:\Program Files\Microsoft Expression
2012-04-07 18:53:31 ----D---- C:\Program Files\HTML Help Workshop
2012-04-07 18:36:30 ----D---- C:\Windows\symbols
2012-04-07 18:36:26 ----D---- C:\Program Files\Common Files\Merge Modules
2012-04-07 18:35:38 ----D---- C:\Program Files\Microsoft Visual Studio 11.0
2012-04-07 18:20:35 ----D---- C:\ProgramData\Package Cache

======List of files/folders modified in the last 1 month======

2012-05-03 16:47:11 ----D---- C:\Windows\System32
2012-05-03 16:47:11 ----D---- C:\Windows\inf
2012-05-03 16:47:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-03 16:46:05 ----D---- C:\Windows\Temp
2012-05-03 16:42:51 ----D---- C:\Windows\system32\catroot2
2012-05-03 09:18:21 ----D---- C:\Windows\Prefetch
2012-05-02 16:39:49 ----D---- C:\Windows
2012-05-02 16:39:40 ----D---- C:\Windows\Tasks
2012-05-02 16:38:16 ----D---- C:\Windows\system32\LogFiles
2012-05-01 18:29:29 ----SHD---- C:\System Volume Information
2012-05-01 18:29:25 ----RD---- C:\Program Files
2012-05-01 18:29:25 ----HD---- C:\ProgramData
2012-05-01 15:49:36 ----D---- C:\Users\veronika\AppData\Roaming\Winamp
2012-05-01 14:29:20 ----D---- C:\Windows\SoftwareDistribution
2012-05-01 14:12:38 ----D---- C:\5c4747f347ce65eaf21200a4f4
2012-05-01 14:03:13 ----D---- C:\Windows\Panther
2012-05-01 14:03:11 ----D---- C:\Windows\Minidump
2012-05-01 14:03:11 ----D---- C:\Windows\Logs
2012-05-01 14:03:11 ----D---- C:\Windows\debug
2012-05-01 13:19:06 ----SHD---- C:\Windows\Installer
2012-04-29 21:22:14 ----D---- C:\Windows\system32\config
2012-04-27 20:49:39 ----D---- C:\Users\veronika\AppData\Roaming\Adobe
2012-04-27 20:49:39 ----D---- C:\ProgramData\Adobe
2012-04-21 18:18:12 ----SD---- C:\Users\veronika\AppData\Roaming\Microsoft
2012-04-12 19:38:08 ----D---- C:\Windows\system32\NDF
2012-04-12 09:42:21 ----D---- C:\Windows\Microsoft.NET
2012-04-12 09:35:51 ----RSD---- C:\Windows\assembly
2012-04-11 18:59:16 ----D---- C:\Windows\winsxs
2012-04-11 18:58:06 ----D---- C:\Windows\system32\migration
2012-04-11 18:58:05 ----D---- C:\Program Files\Internet Explorer
2012-04-11 18:58:04 ----D---- C:\Windows\system32\drivers
2012-04-11 10:39:41 ----D---- C:\ProgramData\Microsoft Help
2012-04-11 10:38:50 ----D---- C:\Windows\system32\catroot
2012-04-11 10:34:15 ----A---- C:\Windows\system32\MRT.exe
2012-04-11 07:51:55 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 8
2012-04-08 12:59:37 ----D---- C:\Program Files\Microsoft Silverlight
2012-04-07 20:30:11 ----D---- C:\Windows\system32\Tasks
2012-04-07 20:01:08 ----SD---- C:\ProgramData\Microsoft
2012-04-07 19:57:39 ----D---- C:\Program Files\Microsoft SDKs
2012-04-07 19:50:34 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-04-07 19:39:10 ----D---- C:\Program Files\Common Files
2012-04-07 19:34:50 ----D---- C:\Program Files\MSBuild
2012-04-07 19:22:04 ----D---- C:\Program Files\Common Files\microsoft shared
2012-04-07 19:14:51 ----RSD---- C:\Windows\Fonts
2012-04-07 19:05:29 ----D---- C:\Windows\system32\1033
2012-04-07 18:51:33 ----D---- C:\Program Files\Microsoft Help Viewer
2012-04-07 18:43:55 ----D---- C:\Program Files\Microsoft SQL Server
2012-04-07 18:31:05 ----D---- C:\Users\veronika\AppData\Roaming\Skype
2012-04-07 18:25:43 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\Windows\system32\Drivers\eusk2par.sys [2006-12-13 30656]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-10-25 4807168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-05 2745760]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VSPerfDrv110;Performance Tools Driver 11.0; \??\C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [2011-12-12 54112]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-12-10 95584]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-01-30 45640]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 138240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-12-25 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-11 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

stále hlášeny problémy se zpomalováním až do úplného zaseknutí

#6 Příspěvek od **Rudy** » 03 kvě 2012 21:01

OK. Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

paveljurasek · #7 Příspěvek od **paveljurasek** » 05 kvě 2012 14:37

Kód: Vybrat vše

ComboFix 12-05-05.05 - veronika 05.05.2012  14:56:15.3.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.2031.1278 [GMT 2:00]
Spuštěný z: c:\users\veronika\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\d2d1debug1.dll
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2012-04-05 do 2012-05-05  )))))))))))))))))))))))))))))))
.
.
2012-05-05 13:09 . 2012-05-05 13:09	--------	d-----w-	c:\users\veronika\AppData\Local\temp
2012-05-05 13:09 . 2012-05-05 13:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-05 11:00 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC617356-79A3-46D7-A88B-24B8C7DCB125}\mpengine.dll
2012-05-03 13:40 . 2012-05-03 13:41	--------	d-----w-	c:\users\veronika\AppData\Roaming\.minecraft
2012-05-02 14:39 . 2012-05-02 14:39	--------	d-----w-	C:\_OTM
2012-05-01 16:34 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-05-01 16:32 . 2012-03-06 23:15	201352	----a-w-	c:\windows\system32\aswBoot.exe
2012-05-01 16:29 . 2012-05-01 16:29	--------	d-----w-	c:\programdata\AVAST Software
2012-05-01 16:29 . 2012-05-01 16:29	--------	d-----w-	c:\program files\AVAST Software
2012-05-01 15:27 . 2012-05-03 14:47	--------	d-----w-	c:\program files\trend micro
2012-05-01 15:27 . 2012-05-01 15:28	--------	d-----w-	C:\rsit
2012-05-01 12:07 . 2012-05-01 12:07	--------	d-----w-	c:\users\veronika\AppData\Local\PreEmptive Solutions
2012-05-01 11:59 . 2012-05-01 11:59	--------	d-----w-	c:\program files\CCleaner
2012-04-30 14:34 . 2012-04-30 14:34	--------	d-----w-	c:\users\veronika\AppData\Local\Temporary Projects
2012-04-28 19:13 . 2012-05-03 07:18	--------	d-----w-	c:\users\veronika\AppData\Local\Unity
2012-04-11 08:33 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:33 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 08:33 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 08:33 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-11 08:33 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 08:33 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-07 18:30 . 2012-04-07 18:30	--------	d-----w-	c:\users\veronika\AppData\Local\RavenBleuSA
2012-04-07 18:14 . 2012-04-07 18:27	--------	d-----w-	c:\users\veronika\AppData\Local\PerfWatson
2012-04-07 18:08 . 2012-04-07 18:08	2471008	----a-w-	c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-04-07 17:47 . 2012-04-07 17:47	--------	d-----w-	c:\programdata\Windows App Certification Kit
2012-04-07 17:47 . 2012-04-07 17:47	--------	d-----w-	c:\program files\Application Verifier
2012-04-07 17:39 . 2012-04-07 17:39	--------	d-----w-	c:\program files\Common Files\Microsoft
2012-04-07 17:36 . 2012-04-07 17:36	--------	d-----w-	c:\program files\Windows Kits
2012-04-07 17:36 . 2012-04-07 17:36	--------	d-----w-	c:\programdata\PreEmptive Solutions
2012-04-07 17:27 . 2012-04-07 17:32	--------	d-----w-	c:\program files\Microsoft ASP.NET
2012-04-07 17:26 . 2012-04-07 17:26	--------	d-----w-	c:\program files\Microsoft Web Tooling Extensions
2012-04-07 17:25 . 2012-04-07 17:25	--------	d-----w-	c:\program files\Microsoft
2012-04-07 17:24 . 2012-04-07 17:25	--------	d-----w-	c:\program files\IIS Express
2012-04-07 17:23 . 2012-04-07 17:23	--------	d-----w-	c:\program files\IIS
2012-04-07 17:14 . 2012-04-07 17:21	--------	d-----w-	c:\program files\Microsoft Expression
2012-04-07 16:53 . 2012-04-07 16:53	--------	d-----w-	c:\program files\HTML Help Workshop
2012-04-07 16:36 . 2012-04-07 16:36	--------	d-----w-	c:\windows\symbols
2012-04-07 16:36 . 2012-04-07 16:51	--------	d-----w-	c:\program files\Common Files\Merge Modules
2012-04-07 16:35 . 2012-04-07 17:58	--------	d-----w-	c:\program files\Microsoft Visual Studio 11.0
2012-04-07 16:20 . 2012-04-30 14:33	--------	d-----w-	c:\programdata\Package Cache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:57 . 2011-07-12 07:56	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-21 19:17 . 2012-02-21 19:16	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 19:16 . 2012-02-21 19:16	161792	----a-w-	c:\windows\system32\msls31.dll
2012-02-21 19:16 . 2012-02-21 19:16	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-02-21 19:16 . 2012-02-21 19:16	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-02-21 19:16 . 2012-02-21 19:16	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-02-21 19:16 . 2012-02-21 19:16	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-02-21 19:16 . 2012-02-21 19:16	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-02-21 19:16 . 2012-02-21 19:16	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-02-21 19:16 . 2012-02-21 19:16	367104	----a-w-	c:\windows\system32\html.iec
2012-02-21 19:16 . 2012-02-21 19:16	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-02-21 19:16 . 2012-02-21 19:16	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-02-21 19:16 . 2012-02-21 19:16	152064	----a-w-	c:\windows\system32\wextract.exe
2012-02-21 19:16 . 2012-02-21 19:16	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-02-21 19:16 . 2012-02-21 19:16	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-02-21 19:16 . 2012-02-21 19:16	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-02-21 19:16 . 2012-02-21 19:16	11776	----a-w-	c:\windows\system32\mshta.exe
2012-02-21 19:16 . 2012-02-21 19:16	101888	----a-w-	c:\windows\system32\admparse.dll
2012-02-17 05:34 . 2012-03-14 09:39	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 09:39	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 09:39	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-14 01:43 . 2012-02-14 01:43	858176	----a-w-	c:\windows\system32\msvcr110.dll
2012-02-14 01:43 . 2012-02-14 01:43	84544	----a-w-	c:\windows\system32\mfcm110u.dll
2012-02-14 01:43 . 2012-02-14 01:43	84536	----a-w-	c:\windows\system32\mfcm110.dll
2012-02-14 01:43 . 2012-02-14 01:43	8351808	----a-w-	c:\windows\system32\mfc110ud.dll
2012-02-14 01:43 . 2012-02-14 01:43	8280632	----a-w-	c:\windows\system32\mfc110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	799296	----a-w-	c:\windows\system32\msvcp110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	74304	----a-w-	c:\windows\system32\mfc110fra.dll
2012-02-14 01:43 . 2012-02-14 01:43	74304	----a-w-	c:\windows\system32\mfc110deu.dll
2012-02-14 01:43 . 2012-02-14 01:43	73280	----a-w-	c:\windows\system32\mfc110esn.dll
2012-02-14 01:43 . 2012-02-14 01:43	72256	----a-w-	c:\windows\system32\mfc110ita.dll
2012-02-14 01:43 . 2012-02-14 01:43	70208	----a-w-	c:\windows\system32\vcomp110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	70208	----a-w-	c:\windows\system32\mfc110rus.dll
2012-02-14 01:43 . 2012-02-14 01:43	649808	----a-w-	c:\windows\system32\vccorlib110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	64576	----a-w-	c:\windows\system32\mfc110enu.dll
2012-02-14 01:43 . 2012-02-14 01:43	63552	----a-w-	c:\windows\system32\vcomp110.dll
2012-02-14 01:43 . 2012-02-14 01:43	53312	----a-w-	c:\windows\system32\mfc110jpn.dll
2012-02-14 01:43 . 2012-02-14 01:43	52800	----a-w-	c:\windows\system32\mfc110kor.dll
2012-02-14 01:43 . 2012-02-14 01:43	511040	----a-w-	c:\windows\system32\vcamp110.dll
2012-02-14 01:43 . 2012-02-14 01:43	497728	----a-w-	c:\windows\system32\msvcp110.dll
2012-02-14 01:43 . 2012-02-14 01:43	45632	----a-w-	c:\windows\system32\mfc110cht.dll
2012-02-14 01:43 . 2012-02-14 01:43	45632	----a-w-	c:\windows\system32\mfc110chs.dll
2012-02-14 01:43 . 2012-02-14 01:43	4494904	----a-w-	c:\windows\system32\mfc110.dll
2012-02-14 01:43 . 2012-02-14 01:43	4444728	----a-w-	c:\windows\system32\mfc110u.dll
2012-02-14 01:43 . 2012-02-14 01:43	275024	----a-w-	c:\windows\system32\vsjitdebugger.exe
2012-02-14 01:43 . 2012-02-14 01:43	234056	----a-w-	c:\windows\system32\vccorlib110.dll
2012-02-14 01:43 . 2012-02-14 01:43	219200	----a-w-	c:\windows\system32\VSPerf110.dll
2012-02-14 01:43 . 2012-02-14 01:43	175176	----a-w-	c:\windows\system32\VSCover110.dll
2012-02-14 01:43 . 2012-02-14 01:43	1677376	----a-w-	c:\windows\system32\msvcr110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	156216	----a-w-	c:\windows\system32\atl110.dll
2012-02-14 01:43 . 2012-02-14 01:43	1358400	----a-w-	c:\windows\system32\vcamp110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	113216	----a-w-	c:\windows\system32\mfcm110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	112704	----a-w-	c:\windows\system32\mfcm110ud.dll
2012-02-10 15:36 . 2012-02-10 15:37	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40C7B831-BBBF-4FC6-A8BE-CCFCC9D54E05}\gapaengine.dll
2012-02-10 05:38 . 2012-03-14 09:40	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-02-09 20:31 . 2012-02-09 20:31	168008	----a-w-	c:\windows\system32\vrfcore.dll
2012-02-09 20:30 . 2012-02-09 20:30	86992	----a-w-	c:\windows\system32\vfcompat.dll
2012-02-09 20:30 . 2012-02-09 20:30	79648	----a-w-	c:\windows\system32\vfnet.dll
2012-02-09 20:30 . 2012-02-09 20:30	60976	----a-w-	c:\windows\system32\vfnws.dll
2012-02-09 20:30 . 2012-02-09 20:30	50616	----a-w-	c:\windows\system32\vfcuzz.dll
2012-02-09 20:30 . 2012-02-09 20:30	39744	----a-w-	c:\windows\system32\vfntlmless.dll
2012-02-09 20:30 . 2012-02-09 20:30	367040	----a-w-	c:\windows\system32\vfprintpthelper.dll
2012-02-09 20:30 . 2012-02-09 20:30	351440	----a-w-	c:\windows\system32\vfbasics.dll
2012-02-09 20:30 . 2012-02-09 20:30	301000	----a-w-	c:\windows\system32\vfprint.dll
2012-02-09 20:30 . 2012-02-09 20:30	248568	----a-w-	c:\windows\system32\vfluapriv.dll
2012-02-09 20:30 . 2012-02-09 20:30	21056	----a-w-	c:\windows\system32\cuzzapi.dll
2012-02-09 20:30 . 2012-02-09 20:30	173184	----a-w-	c:\windows\system32\appverif.exe
2012-02-09 20:27 . 2012-02-09 20:27	27752	----a-w-	c:\windows\system32\microsoft.windows.softwarelogo.showdesktop.exe
2012-02-09 19:17 . 2012-02-09 19:17	368128	----a-w-	c:\windows\system32\d3dref9.dll
2012-02-09 19:06 . 2012-02-09 19:06	86528	----a-w-	c:\windows\system32\dxgidebug.dll
2012-02-09 19:03 . 2012-02-09 19:03	573952	----a-w-	c:\windows\system32\d3d11sdklayers.dll
2012-02-09 19:03 . 2012-02-09 19:03	445952	----a-w-	c:\windows\system32\d3d10sdklayers.dll
2012-02-09 19:02 . 2012-02-09 19:02	692224	----a-w-	c:\windows\system32\d3d11_1sdklayers.dll
2012-02-09 19:00 . 2012-02-09 19:00	41984	----a-w-	c:\windows\system32\VSD3DRefDebug.dll
2012-02-09 18:58 . 2012-02-09 18:58	349184	----a-w-	c:\windows\system32\d3d10ref.dll
2012-02-09 18:56 . 2012-02-09 18:56	589824	----a-w-	c:\windows\system32\d3d11ref.dll
2012-02-09 18:54 . 2012-02-09 18:54	90344	----a-w-	c:\windows\system32\vfrdvcompat.dll
2012-02-09 18:49 . 2012-02-09 18:49	249856	----a-w-	c:\windows\system32\dxcpl.exe
2012-02-07 09:02 . 2012-02-07 09:02	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-1-13 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-02 12:23	136176	----atw-	c:\users\veronika\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 138240]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [2011-12-12 54112]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-10 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2006-12-13 30656]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\veronika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 10.152.45.56 10.152.45.1 10.152.23.1
FF - ProfilePath - c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 8\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 4.0 Beta 8\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 4.0 Beta 8\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 4.0 Beta 8\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
MSConfigStartUp-PCSpeedUp - c:\program files\Zrychleni Pocitace\PCSpeedUp.lnk
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-05-05  15:12:45
ComboFix-quarantined-files.txt  2012-05-05 13:12
.
Před spuštěním: Volných bajtů: 399 676 297 216
Po spuštění: Volných bajtů: 399 633 707 008
.
- - End Of File - - C8D1CA2473581BA9CFE49B72CDB1A28C

problém stále přetrvává

#8 Příspěvek od **Rudy** » 05 kvě 2012 17:02

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Firefox::
FF - ProfilePath - c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_rem ... &keywords=
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

paveljurasek · #9 Příspěvek od **paveljurasek** » 10 kvě 2012 17:53

Kód: Vybrat vše

ComboFix 12-05-07.01 - veronika 07.05.2012  13:36:27.4.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.2031.1110 [GMT 2:00]
Spuštěný z: c:\users\veronika\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\veronika\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Vytvořen nový Bod Obnovení
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.xpt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\defaults\preferences\prefs.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\chrome.manifest
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\chrome\content\ff-overlay.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\chrome\content\ff-overlay.xul
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\chrome\content\overlay.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\chrome\locale\en-US\overlay.dtd
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\chrome\locale\en-US\overlay.properties
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\chrome\skin\overlay.css
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\install.rdf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitAutoCompleteSearch.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitAutoCompleteSearch.xpt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitToolbar.idl
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitToolbar.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitToolbar.xpt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.xpt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.xpt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults\default_radio_skin.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome.manifest
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome\dvdvideosofttb.jar
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\install.rdf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib\xpcom.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF\manifest.mf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF\zigbert.rsa
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF\zigbert.sf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.gif
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.ico
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.PNG
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.src
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\setup.ini
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\version.txt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\defaults\preferences\leechblock.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\history.txt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome.manifest
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\accesscode.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\accesscode.xul
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\browser.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\browser.xul
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\extensions.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\extensions.xul
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\lockdown.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\lockdown.xul
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\options.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\options.xul
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\stats.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\stats.xul
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\content\utils.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\locale\en-US\blocked.html
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\locale\en-US\leechblock.dtd
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\skin\leechblock32.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\chrome\skin\leechblock64.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}\install.rdf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome.manifest
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome\dvsmenuext.jar
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\install.rdf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\license.txt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\DataStructures.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\EBEncryption.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ExternalLibraryLoader.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\HTTP.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Chat.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\IO.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Log.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\MainSingleton.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\MD5.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Notifications.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ObserversAndEvents.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Prefs.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchProtector.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchSuggestIO.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\String.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\TEAEncryption.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Timer.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Twitter.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\URL.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Windows.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\XML.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\components\Initializer.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\defaults\patterns.ini
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\defaults\preferences\adblockplus.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\chrome.manifest
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\chrome\adblockplus.jar
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\icon.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\install.rdf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\META-INF\manifest.mf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\META-INF\zigbert.rsa
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\META-INF\zigbert.sf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\AppIntegration.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\AppIntegrationFennec.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\Bootstrap.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\ContentPolicy.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\ElemHide.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\FilterClasses.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\FilterListener.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\FilterStorage.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\Matcher.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\ObjectTabs.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\Prefs.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\Public.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\RequestNotifier.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\SubscriptionClasses.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\Synchronizer.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules\Utils.jsm
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\components\downbar.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\defaults\preferences\downbarconfig.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarPackage.jar
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome.manifest
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\install.rdf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\license.txt
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\addonlistener.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\addonmanager.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\bindings.xml
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\commands.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\config.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\contentmenu-handler.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\contentmenu.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\cookies.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\dynamic.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\file.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\findword.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\global-namespace.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\globals.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\gui.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\highlight.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\history.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\chevron.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\inject.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\install.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\logger.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\main.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\ppcbully.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\registry.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\release.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\remote.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\search.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\splitter.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\stringbundles.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\sweetim-contentmenu.xul
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\sweetim-toolbar.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\sweetim-toolbar.xul
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\tabinfo-array.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\tabinfo.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\tooltip.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\uninstallobserver.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\version-ff.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\version.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\wait.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content\webprogresslistener.js
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE\sweetim-toolbar.dtd
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE\sweetim-toolbar.properties
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US\sweetim-toolbar.dtd
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US\sweetim-toolbar.properties
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES\sweetim-toolbar.dtd
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES\sweetim-toolbar.properties
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR\sweetim-toolbar.dtd
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR\sweetim-toolbar.properties
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT\sweetim-toolbar.dtd
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT\sweetim-toolbar.properties
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL\sweetim-toolbar.dtd
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL\sweetim-toolbar.properties
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\bing.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\clear-history.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\dictionary.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\finance.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\find.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\google.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\highlight-disabled.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\highlight.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\logo.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\logo_32x32.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\more-search-providers.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\music.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\photos.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\search-current-site.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\SmileySmile.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\SmileyWink.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\social-networks.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\splitter.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\sweetim-toolbar.css
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\video.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\web-search-button-bg-hover.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\web-search-button-bg.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\web-search-button-glass.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\web-search.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin\yahoo.png
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2012-04-07 do 2012-05-07  )))))))))))))))))))))))))))))))
.
.
2012-05-07 11:51 . 2012-05-07 11:52	--------	d-----w-	c:\users\veronika\AppData\Local\temp
2012-05-07 11:51 . 2012-05-07 11:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-06 15:49 . 2011-07-13 03:39	6881616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-06 15:48 . 2012-04-18 01:06	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFF6E321-6587-4BED-B996-1DFFF7577621}\mpengine.dll
2012-05-03 13:40 . 2012-05-03 13:41	--------	d-----w-	c:\users\veronika\AppData\Roaming\.minecraft
2012-05-02 14:39 . 2012-05-02 14:39	--------	d-----w-	C:\_OTM
2012-05-01 16:34 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-05-01 16:32 . 2012-03-06 23:15	201352	----a-w-	c:\windows\system32\aswBoot.exe
2012-05-01 16:29 . 2012-05-01 16:29	--------	d-----w-	c:\programdata\AVAST Software
2012-05-01 16:29 . 2012-05-01 16:29	--------	d-----w-	c:\program files\AVAST Software
2012-05-01 15:27 . 2012-05-03 14:47	--------	d-----w-	c:\program files\trend micro
2012-05-01 15:27 . 2012-05-01 15:28	--------	d-----w-	C:\rsit
2012-05-01 12:07 . 2012-05-01 12:07	--------	d-----w-	c:\users\veronika\AppData\Local\PreEmptive Solutions
2012-05-01 11:59 . 2012-05-01 11:59	--------	d-----w-	c:\program files\CCleaner
2012-04-30 14:34 . 2012-04-30 14:34	--------	d-----w-	c:\users\veronika\AppData\Local\Temporary Projects
2012-04-28 19:13 . 2012-05-03 07:18	--------	d-----w-	c:\users\veronika\AppData\Local\Unity
2012-04-11 08:33 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:33 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 08:33 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 08:33 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-11 08:33 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 08:33 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-07 18:30 . 2012-04-07 18:30	--------	d-----w-	c:\users\veronika\AppData\Local\RavenBleuSA
2012-04-07 18:14 . 2012-04-07 18:27	--------	d-----w-	c:\users\veronika\AppData\Local\PerfWatson
2012-04-07 18:08 . 2012-04-07 18:08	2471008	----a-w-	c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-04-07 17:47 . 2012-04-07 17:47	--------	d-----w-	c:\programdata\Windows App Certification Kit
2012-04-07 17:47 . 2012-04-07 17:47	--------	d-----w-	c:\program files\Application Verifier
2012-04-07 17:39 . 2012-04-07 17:39	--------	d-----w-	c:\program files\Common Files\Microsoft
2012-04-07 17:36 . 2012-04-07 17:36	--------	d-----w-	c:\program files\Windows Kits
2012-04-07 17:36 . 2012-04-07 17:36	--------	d-----w-	c:\programdata\PreEmptive Solutions
2012-04-07 17:27 . 2012-04-07 17:32	--------	d-----w-	c:\program files\Microsoft ASP.NET
2012-04-07 17:26 . 2012-04-07 17:26	--------	d-----w-	c:\program files\Microsoft Web Tooling Extensions
2012-04-07 17:25 . 2012-04-07 17:25	--------	d-----w-	c:\program files\Microsoft
2012-04-07 17:24 . 2012-04-07 17:25	--------	d-----w-	c:\program files\IIS Express
2012-04-07 17:23 . 2012-04-07 17:23	--------	d-----w-	c:\program files\IIS
2012-04-07 17:14 . 2012-04-07 17:21	--------	d-----w-	c:\program files\Microsoft Expression
2012-04-07 16:53 . 2012-04-07 16:53	--------	d-----w-	c:\program files\HTML Help Workshop
2012-04-07 16:36 . 2012-04-07 16:36	--------	d-----w-	c:\windows\symbols
2012-04-07 16:36 . 2012-04-07 16:51	--------	d-----w-	c:\program files\Common Files\Merge Modules
2012-04-07 16:35 . 2012-04-07 17:58	--------	d-----w-	c:\program files\Microsoft Visual Studio 11.0
2012-04-07 16:20 . 2012-04-30 14:33	--------	d-----w-	c:\programdata\Package Cache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:57 . 2011-07-12 07:56	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2011-01-10 21:33	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-21 19:17 . 2012-02-21 19:16	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 19:16 . 2012-02-21 19:16	161792	----a-w-	c:\windows\system32\msls31.dll
2012-02-21 19:16 . 2012-02-21 19:16	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-02-21 19:16 . 2012-02-21 19:16	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-02-21 19:16 . 2012-02-21 19:16	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-02-21 19:16 . 2012-02-21 19:16	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-02-21 19:16 . 2012-02-21 19:16	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-02-21 19:16 . 2012-02-21 19:16	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-02-21 19:16 . 2012-02-21 19:16	367104	----a-w-	c:\windows\system32\html.iec
2012-02-21 19:16 . 2012-02-21 19:16	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-02-21 19:16 . 2012-02-21 19:16	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-02-21 19:16 . 2012-02-21 19:16	152064	----a-w-	c:\windows\system32\wextract.exe
2012-02-21 19:16 . 2012-02-21 19:16	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-02-21 19:16 . 2012-02-21 19:16	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-02-21 19:16 . 2012-02-21 19:16	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-02-21 19:16 . 2012-02-21 19:16	11776	----a-w-	c:\windows\system32\mshta.exe
2012-02-21 19:16 . 2012-02-21 19:16	101888	----a-w-	c:\windows\system32\admparse.dll
2012-02-17 05:34 . 2012-03-14 09:39	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 09:39	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 09:39	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-14 01:43 . 2012-02-14 01:43	858176	----a-w-	c:\windows\system32\msvcr110.dll
2012-02-14 01:43 . 2012-02-14 01:43	84544	----a-w-	c:\windows\system32\mfcm110u.dll
2012-02-14 01:43 . 2012-02-14 01:43	84536	----a-w-	c:\windows\system32\mfcm110.dll
2012-02-14 01:43 . 2012-02-14 01:43	8351808	----a-w-	c:\windows\system32\mfc110ud.dll
2012-02-14 01:43 . 2012-02-14 01:43	8280632	----a-w-	c:\windows\system32\mfc110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	799296	----a-w-	c:\windows\system32\msvcp110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	74304	----a-w-	c:\windows\system32\mfc110fra.dll
2012-02-14 01:43 . 2012-02-14 01:43	74304	----a-w-	c:\windows\system32\mfc110deu.dll
2012-02-14 01:43 . 2012-02-14 01:43	73280	----a-w-	c:\windows\system32\mfc110esn.dll
2012-02-14 01:43 . 2012-02-14 01:43	72256	----a-w-	c:\windows\system32\mfc110ita.dll
2012-02-14 01:43 . 2012-02-14 01:43	70208	----a-w-	c:\windows\system32\vcomp110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	70208	----a-w-	c:\windows\system32\mfc110rus.dll
2012-02-14 01:43 . 2012-02-14 01:43	649808	----a-w-	c:\windows\system32\vccorlib110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	64576	----a-w-	c:\windows\system32\mfc110enu.dll
2012-02-14 01:43 . 2012-02-14 01:43	63552	----a-w-	c:\windows\system32\vcomp110.dll
2012-02-14 01:43 . 2012-02-14 01:43	53312	----a-w-	c:\windows\system32\mfc110jpn.dll
2012-02-14 01:43 . 2012-02-14 01:43	52800	----a-w-	c:\windows\system32\mfc110kor.dll
2012-02-14 01:43 . 2012-02-14 01:43	511040	----a-w-	c:\windows\system32\vcamp110.dll
2012-02-14 01:43 . 2012-02-14 01:43	497728	----a-w-	c:\windows\system32\msvcp110.dll
2012-02-14 01:43 . 2012-02-14 01:43	45632	----a-w-	c:\windows\system32\mfc110cht.dll
2012-02-14 01:43 . 2012-02-14 01:43	45632	----a-w-	c:\windows\system32\mfc110chs.dll
2012-02-14 01:43 . 2012-02-14 01:43	4494904	----a-w-	c:\windows\system32\mfc110.dll
2012-02-14 01:43 . 2012-02-14 01:43	4444728	----a-w-	c:\windows\system32\mfc110u.dll
2012-02-14 01:43 . 2012-02-14 01:43	275024	----a-w-	c:\windows\system32\vsjitdebugger.exe
2012-02-14 01:43 . 2012-02-14 01:43	234056	----a-w-	c:\windows\system32\vccorlib110.dll
2012-02-14 01:43 . 2012-02-14 01:43	219200	----a-w-	c:\windows\system32\VSPerf110.dll
2012-02-14 01:43 . 2012-02-14 01:43	175176	----a-w-	c:\windows\system32\VSCover110.dll
2012-02-14 01:43 . 2012-02-14 01:43	1677376	----a-w-	c:\windows\system32\msvcr110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	156216	----a-w-	c:\windows\system32\atl110.dll
2012-02-14 01:43 . 2012-02-14 01:43	1358400	----a-w-	c:\windows\system32\vcamp110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	113216	----a-w-	c:\windows\system32\mfcm110d.dll
2012-02-14 01:43 . 2012-02-14 01:43	112704	----a-w-	c:\windows\system32\mfcm110ud.dll
2012-02-10 15:36 . 2012-02-10 15:37	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40C7B831-BBBF-4FC6-A8BE-CCFCC9D54E05}\gapaengine.dll
2012-02-10 05:38 . 2012-03-14 09:40	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-02-09 20:31 . 2012-02-09 20:31	168008	----a-w-	c:\windows\system32\vrfcore.dll
2012-02-09 20:30 . 2012-02-09 20:30	86992	----a-w-	c:\windows\system32\vfcompat.dll
2012-02-09 20:30 . 2012-02-09 20:30	79648	----a-w-	c:\windows\system32\vfnet.dll
2012-02-09 20:30 . 2012-02-09 20:30	60976	----a-w-	c:\windows\system32\vfnws.dll
2012-02-09 20:30 . 2012-02-09 20:30	50616	----a-w-	c:\windows\system32\vfcuzz.dll
2012-02-09 20:30 . 2012-02-09 20:30	39744	----a-w-	c:\windows\system32\vfntlmless.dll
2012-02-09 20:30 . 2012-02-09 20:30	367040	----a-w-	c:\windows\system32\vfprintpthelper.dll
2012-02-09 20:30 . 2012-02-09 20:30	351440	----a-w-	c:\windows\system32\vfbasics.dll
2012-02-09 20:30 . 2012-02-09 20:30	301000	----a-w-	c:\windows\system32\vfprint.dll
2012-02-09 20:30 . 2012-02-09 20:30	248568	----a-w-	c:\windows\system32\vfluapriv.dll
2012-02-09 20:30 . 2012-02-09 20:30	21056	----a-w-	c:\windows\system32\cuzzapi.dll
2012-02-09 20:30 . 2012-02-09 20:30	173184	----a-w-	c:\windows\system32\appverif.exe
2012-02-09 20:27 . 2012-02-09 20:27	27752	----a-w-	c:\windows\system32\microsoft.windows.softwarelogo.showdesktop.exe
2012-02-09 19:17 . 2012-02-09 19:17	368128	----a-w-	c:\windows\system32\d3dref9.dll
2012-02-09 19:06 . 2012-02-09 19:06	86528	----a-w-	c:\windows\system32\dxgidebug.dll
2012-02-09 19:03 . 2012-02-09 19:03	573952	----a-w-	c:\windows\system32\d3d11sdklayers.dll
2012-02-09 19:03 . 2012-02-09 19:03	445952	----a-w-	c:\windows\system32\d3d10sdklayers.dll
2012-02-09 19:02 . 2012-02-09 19:02	692224	----a-w-	c:\windows\system32\d3d11_1sdklayers.dll
2012-02-09 19:00 . 2012-02-09 19:00	41984	----a-w-	c:\windows\system32\VSD3DRefDebug.dll
2012-02-09 18:58 . 2012-02-09 18:58	349184	----a-w-	c:\windows\system32\d3d10ref.dll
2012-02-09 18:56 . 2012-02-09 18:56	589824	----a-w-	c:\windows\system32\d3d11ref.dll
2012-02-09 18:54 . 2012-02-09 18:54	90344	----a-w-	c:\windows\system32\vfrdvcompat.dll
2012-02-09 18:49 . 2012-02-09 18:49	249856	----a-w-	c:\windows\system32\dxcpl.exe
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-02 12:23	136176	----atw-	c:\users\veronika\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
R1 MpKsl9bc1880a;MpKsl9bc1880a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABDDE19A-27D6-41BA-8DFD-1F61FE2C0B92}\MpKsl9bc1880a.sys [x]
R1 MpKsl9c4b700f;MpKsl9c4b700f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABDDE19A-27D6-41BA-8DFD-1F61FE2C0B92}\MpKsl9c4b700f.sys [x]
R1 MpKslb06e74bc;MpKslb06e74bc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB809344-D5A8-4F25-8911-260F162376B2}\MpKslb06e74bc.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 138240]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [2011-12-12 54112]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-10 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2006-12-13 30656]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\veronika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 10.152.45.56 10.152.45.1 10.152.23.1
FF - ProfilePath - c:\users\veronika\AppData\Roaming\Mozilla\Firefox\Profiles\86qvh064.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 8\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 4.0 Beta 8\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 4.0 Beta 8\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 4.0 Beta 8\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\DFDWiz.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Games\Mahjong\Mahjong.exe
.
**************************************************************************
.
Celkový čas: 2012-05-07  14:05:00 - počítač byl restartován
ComboFix-quarantined-files.txt  2012-05-07 12:04
ComboFix2.txt  2012-05-05 13:12
.
Před spuštěním: Volných bajtů: 400 957 739 008
Po spuštění: Volných bajtů: 401 033 494 528
.
- - End Of File - - 6D76E51FFECF66095537D0E7EF94C0E9

#10 Příspěvek od **Rudy** » 10 kvě 2012 18:14

Smazáno. Nastala nějaká změna?

VIRY.CZ

Náhlé zpomalení počítače

Náhlé zpomalení počítače

Re: Náhlé zpomalení počítače

Re: Náhlé zpomalení počítače

Re: Náhlé zpomalení počítače

Re: Náhlé zpomalení počítače

Re: Náhlé zpomalení počítače

Re: Náhlé zpomalení počítače

Re: Náhlé zpomalení počítače

Re: Náhlé zpomalení počítače

Re: Náhlé zpomalení počítače