Preventivna kontrola logu z RSIT

Zpráva

m_artin · #1 Příspěvek od **m_artin** » 24 čer 2012 20:07

Dobrý deň, prikladam log z RSIT na preventivnu kontrolu.... Po mojom prehliadnuti logu tam nevidim nič nezvyčajne
Dnes mi na mojom e-maily však prišiel mail s nejakym divnym linkom a samozrejme som nan "ja hlupak" klikol. Neskôr mi prišiel spätný e-mail (Mail Delivery System) ze sa nepodarilo odoslať mail, pričom v prilohe bol nejaky zvlaštny subor s divnou priponou. Zmenil som si heslo, jedna sa mi však o to či sa nejaky šmejd nahodou neprešmykol do PC... Možno to chcelo heknuť len moju e-mailovu adresu...
Dakujem vopred za odpoveď a prezretie logu.. Martin

Log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dluhosova at 2012-06-24 20:58:45
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 167 GB (70%) free of 238 GB
Total RAM: 2047 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:00, on 24. 6. 2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\V0470Mon.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Dluhosova\Desktop\RSIT.exe
C:\Program Files\trend micro\Dluhosova.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0470Mon.exe] C:\Windows\V0470Mon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4600 Scan2PC] "C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cacaoweb] "C:\Users\Dluhosova\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dluhosova\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6987 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-06-03 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-06-03 2094616]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-10-02 6335008]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-11-12 13675040]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-11-12 92704]
"V0470Mon.exe"=C:\Windows\V0470Mon.exe [2007-04-11 32768]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2009-08-14 614400]
"4600 Scan2PC"=C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe [2009-09-10 1968640]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"=C:\Users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2007-05-02 151552]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"cacaoweb"=C:\Users\Dluhosova\AppData\Roaming\cacaoweb\cacaoweb.exe [2011-01-24 348912]
"Facebook Update"=C:\Users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 137536]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Google Update"=C:\Users\Dluhosova\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 136176]
"Voipwise"=C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe [2012-03-19 17792376]
"GameXN GO"=C:\ProgramData\GameXN\GameXNGO.exe [2011-09-01 347008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{235dcf9b-93e1-11de-a9b7-001d92fd9f8a}]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26fa20f8-4884-11dd-b0d3-806e6f6e6963}]
shell\AutoRun\command - D:\SETUP.EXE
shell\configure\command - D:\SETUP.EXE
shell\install\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd29e7be-aff6-11e1-a7b8-001d92fd9f8a}]
shell\AutoRun\command - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

======List of files/folders modified in the last 1 months======

2012-06-24 20:58:49 ----D---- C:\Program Files\trend micro
2012-06-24 20:57:06 ----D---- C:\ProgramData\GameXN
2012-06-24 20:56:20 ----D---- C:\Windows\Temp
2012-06-24 20:16:16 ----D---- C:\Windows\System32
2012-06-24 20:16:16 ----D---- C:\Windows\inf
2012-06-24 20:16:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-24 20:13:08 ----D---- C:\Users\Dluhosova\AppData\Roaming\Skype
2012-06-24 20:11:55 ----D---- C:\Users\Dluhosova\AppData\Roaming\go
2012-06-24 19:25:29 ----D---- C:\Program Files\Mozilla Firefox
2012-06-24 19:24:23 ----D---- C:\Users\Dluhosova\AppData\Roaming\skypePM
2012-06-22 09:08:51 ----A---- C:\Windows\NeroDigital.ini
2012-06-22 09:06:29 ----D---- C:\Windows\Prefetch
2012-06-21 13:48:40 ----A---- C:\Windows\Slovnik.INI
2012-06-21 13:46:37 ----D---- C:\Windows
2012-06-21 08:07:49 ----D---- C:\Windows\system32\catroot2
2012-06-20 11:41:30 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-02-16 38400]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-02-19 5120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-10-02 2175256]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-11-12 7611360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-07 118784]
S3 acocyab1;acocyab1; C:\Windows\system32\drivers\acocyab1.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VF0470Vid;Live! Cam Notebook (VF0470); C:\Windows\system32\DRIVERS\V0470Vid.sys [2007-04-20 146368]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-11-12 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#2 Příspěvek od **Mc_Murphy** » 25 čer 2012 06:16

Zdravím.

Hele, při Tvé poslední návštěvě 21. července 2011 se Tě kolega vyosek ptal na nějaké citlivé informace - neodpověděl jsi mu. Proč asi? A proč si myslíš, že bychom Ti měli radit, když pak už nezareaguješ?

m_artin · #3 Příspěvek od **m_artin** » 25 čer 2012 08:07

Skutočne neviem prečo som vtedy nereagoval... čo sa tyka tych citlivych informacii... tak v tom čase som mal NOD32 - skušobnu mesačnu verziu.. potom som však dal AVAST.. čo sa tyka toho ďalšieho logu z RSIT, ktory ma ziadal už to bude asi bezpredmetne s odstupom času a v tom priečinku ho ani nemam...
Ja si vážim každú radu na tomto fóre a považujem ju skutočne za vzácnu. na každú otázku alebo odpoveď som sa snažil vždy korektne pravdivo a so snahou odpovedať. Neviem prečo som poslednykrat nereagoval, ale za akékoľvek ďalšie postrehy a rady budem vďačný.
Prikladam preto log z c:rsit zo včera:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dluhosova at 2012-06-24 20:58:45
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 167 GB (70%) free of 238 GB
Total RAM: 2047 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:00, on 24. 6. 2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\V0470Mon.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Dluhosova\Desktop\RSIT.exe
C:\Program Files\trend micro\Dluhosova.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0470Mon.exe] C:\Windows\V0470Mon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4600 Scan2PC] "C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cacaoweb] "C:\Users\Dluhosova\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dluhosova\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6987 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-06-03 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-06-03 2094616]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-10-02 6335008]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-11-12 13675040]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-11-12 92704]
"V0470Mon.exe"=C:\Windows\V0470Mon.exe [2007-04-11 32768]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2009-08-14 614400]
"4600 Scan2PC"=C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe [2009-09-10 1968640]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"=C:\Users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2007-05-02 151552]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"cacaoweb"=C:\Users\Dluhosova\AppData\Roaming\cacaoweb\cacaoweb.exe [2011-01-24 348912]
"Facebook Update"=C:\Users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 137536]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Google Update"=C:\Users\Dluhosova\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 136176]
"Voipwise"=C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe [2012-03-19 17792376]
"GameXN GO"=C:\ProgramData\GameXN\GameXNGO.exe [2011-09-01 347008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{235dcf9b-93e1-11de-a9b7-001d92fd9f8a}]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26fa20f8-4884-11dd-b0d3-806e6f6e6963}]
shell\AutoRun\command - D:\SETUP.EXE
shell\configure\command - D:\SETUP.EXE
shell\install\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd29e7be-aff6-11e1-a7b8-001d92fd9f8a}]
shell\AutoRun\command - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

======List of files/folders modified in the last 1 months======

2012-06-24 20:58:49 ----D---- C:\Program Files\trend micro
2012-06-24 20:57:06 ----D---- C:\ProgramData\GameXN
2012-06-24 20:56:20 ----D---- C:\Windows\Temp
2012-06-24 20:16:16 ----D---- C:\Windows\System32
2012-06-24 20:16:16 ----D---- C:\Windows\inf
2012-06-24 20:16:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-24 20:13:08 ----D---- C:\Users\Dluhosova\AppData\Roaming\Skype
2012-06-24 20:11:55 ----D---- C:\Users\Dluhosova\AppData\Roaming\go
2012-06-24 19:25:29 ----D---- C:\Program Files\Mozilla Firefox
2012-06-24 19:24:23 ----D---- C:\Users\Dluhosova\AppData\Roaming\skypePM
2012-06-22 09:08:51 ----A---- C:\Windows\NeroDigital.ini
2012-06-22 09:06:29 ----D---- C:\Windows\Prefetch
2012-06-21 13:48:40 ----A---- C:\Windows\Slovnik.INI
2012-06-21 13:46:37 ----D---- C:\Windows
2012-06-21 08:07:49 ----D---- C:\Windows\system32\catroot2
2012-06-20 11:41:30 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-02-16 38400]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-02-19 5120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-10-02 2175256]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-11-12 7611360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-07 118784]
S3 acocyab1;acocyab1; C:\Windows\system32\drivers\acocyab1.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VF0470Vid;Live! Cam Notebook (VF0470); C:\Windows\system32\DRIVERS\V0470Vid.sys [2007-04-20 146368]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-11-12 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#4 Příspěvek od **Mc_Murphy** » 25 čer 2012 11:57

OK, beru. Uvidíme, jak moc Ti vzácné naše rady skutečně budou. Tak se na to mrkneme.

Jako první by sis měl doinstalovat Windows Vista Service Pack 2 a všechny dostupné aktualizace!

Aktualizuj také MS Internet Explorer na poslední verzi. I když používáš jiný prohlížeč, aktualizace řeší spoustu problémů i v systému samotném.

Potom tedy, pokud je tam najdeš, tak v nabídce Přidat nebo odebrat programy odinstaluj tyto toolbary:

BS Player Toolbar a DAEMON Tools Toolbar.

Toolbary (lišty prohlížečů) jsou veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti.

A jelikož vidím v logu havěť, dáme si ComboFix.

PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK

Stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypni všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary apod.
Vypni všechny běžící aplikace - ICQ, Skype, browsery, prostě všechny programy, ať běží pouze ComboFix.
Pokud máš Win XP, spusť pod účtem Správce/Administrator.
Pokud máš Win Vista či Win 7, klikni na ComboFix pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Ihned po startu se zobrazí stránka s licenčním ujednáním - pokračuj kliknutím na [Ano].
Pokud Ti ComboFix nabídne instalaci Konzoly pro zotavení, tak souhlas.
Dále postupuj dle pokynů. Během scanu nech PC naprosto v klidu - nespouštěj žádné aplikace a neklikej do zobrazujícího se okna!
Scan by měl trvat cca 10 min, ale pokud bude PC hodne zaneseno, může se čas samozřejmě prodloužit.
Po dokončení scanu a případném restartu ComboFix zobrazí log, který případně najdeš v C:\ComboFix.txt. Jeho obsah mi sem vlož.
Detailní postup včetně obrázků najdeš zde: http://www.bleepingcomputer.com/combofi ... t-combofix

m_artin · #5 Příspěvek od **m_artin** » 26 čer 2012 08:35

no škoda, že všetko nejde tak ako by malo.. nainštaloval som všetky dostupne aktualizacie, ale SP2 cez windows update sa mi uz nepodarilo nainštalovať, skušal som nainštalovať aj pomocou strediska pre prevzatie softvveru spoločnosti Microsoft, tiež neuspešne.. jedina možnosť uz ostava stiahnuť niekde na internete a nainšalovať, tak sa pokusim ešte takto... Idem sa s tym hrať, zatial prikladam log z combofixu
- MS Internet Explorer som neaktualizoval, lebo novšia verzia IE si uz vyzaduje SP2, takze zaktualizujem po nainštalovani SP2
- Toolbary som odinštaloval
- Combofix urobeny, log je tu:

ComboFix 12-06-25.05 - Dluhosova . 06. 2012 9:14.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.421.1051.18.2047.1306 [GMT 2:00]
Running from: c:\users\Dluhosova\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Dluhosova\AppData\Roaming\cacaoweb
c:\users\Dluhosova\AppData\Roaming\cacaoweb\adstorage.db
c:\users\Dluhosova\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Dluhosova\AppData\Roaming\cacaoweb\storage.db
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 07:20 . 2012-06-26 07:20 -------- d-----w- c:\users\Dluhosova\AppData\Local\temp
2012-06-26 07:20 . 2012-06-26 07:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 16:22 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-06-25 16:22 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-06-25 15:52 . 2009-10-23 17:42 714240 ----a-w- c:\windows\system32\timedate.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Facebook Update"="c:\users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-01 347008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-02 6335008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-14 614400]
"4600 Scan2PC"="c:\windows\twain_32\Samsung\SCX4600\Scan2Pc.exe" [2009-09-10 1968640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-140570388-2203483276-3984906766-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
- c:\users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 17:06]
.
2012-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
- c:\users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 17:06]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 10:50]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 10:50]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
- c:\users\Dluhosova\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 06:18]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
- c:\users\Dluhosova\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-cacaoweb - c:\users\Dluhosova\AppData\Roaming\cacaoweb\cacaoweb.exe
HKCU-Run-Voipwise - c:\program files\Voipwise.com\Voipwise\Voipwise.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 09:20
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\users\Dluhosova\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?ng????tu???????? ?O???O???????????O???????O???nu`?tu????????????q???????Service Pack 1??????????????????????????????????????????????????????????????????????????????????W???????M!]???C?????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-26 09:22:26
ComboFix-quarantined-files.txt 2012-06-26 07:22
.
Pre-Run: 172 904 157 184 bytes free
Post-Run: 172 825 141 248 bytes free
.
- - End Of File - - 91B28CEDE9FA0DE431087B7A56D08278

m_artin · #6 Příspěvek od **m_artin** » 26 čer 2012 10:05

OK, SP2 uspešne nainštalovany, IE som zaktualizoval na najnovšiu verziu a aj avast... som zvedavy na tu havet...
Urobil som Combofix po inštalacii SP2, tu je:

ComboFix 12-06-25.05 - Dluhosova . 06. 2012 10:54:29.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.2047.1286 [GMT 2:00]
Running from: c:\users\Dluhosova\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 09:00 . 2012-06-26 09:00 -------- d-----w- c:\users\Dluhosova\AppData\Local\temp
2012-06-26 09:00 . 2012-06-26 09:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 08:31 . 2012-06-26 08:31 98816 ----a-w- c:\windows\system32\mfps.dll
2012-06-26 08:29 . 2012-06-26 08:29 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-06-26 08:29 . 2012-06-26 08:29 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-06-26 08:29 . 2012-06-26 08:29 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-06-26 08:29 . 2012-06-26 08:29 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-06-26 08:29 . 2012-06-26 08:29 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-06-26 08:29 . 2012-06-26 08:29 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-06-26 08:29 . 2012-06-26 08:29 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-06-26 08:11 . 2012-06-26 08:11 -------- d-----w- c:\windows\system32\ca-ES
2012-06-26 08:11 . 2012-06-26 08:11 -------- d-----w- c:\windows\system32\eu-ES
2012-06-26 08:11 . 2012-06-26 08:11 -------- d-----w- c:\windows\system32\vi-VN
2012-06-26 08:05 . 2012-06-26 08:05 -------- d-----w- c:\windows\system32\SPReview
2012-06-26 07:56 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-06-26 07:56 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2012-06-26 07:51 . 2009-04-10 21:28 41984 ----a-w- c:\windows\system32\mimefilt.dll
2012-06-26 07:50 . 2009-04-10 21:28 663552 ----a-w- c:\program files\Common Files\System\Ole DB\sqloledb.dll
2012-06-25 16:22 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-06-25 16:22 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-06-25 16:22 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-06-25 15:52 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 08:33 . 2012-06-26 08:33 203776 ----a-w- c:\windows\system32\webcheck.dll
2012-06-26 08:29 . 2012-06-26 08:29 4096 ----a-w- c:\windows\system32\drivers\sk-SK\dxgkrnl.sys.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Facebook Update"="c:\users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-01 347008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0470Ext.ax"="c:\windows\system32\V0470Ext.ax" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-02 6335008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-14 614400]
"4600 Scan2PC"="c:\windows\twain_32\Samsung\SCX4600\Scan2Pc.exe" [2009-09-10 1968640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-140570388-2203483276-3984906766-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
- c:\users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 17:06]
.
2012-06-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
- c:\users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 17:06]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 10:50]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 10:50]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
- c:\users\Dluhosova\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 06:18]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
- c:\users\Dluhosova\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 11:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-26 11:02:07
ComboFix-quarantined-files.txt 2012-06-26 09:02
ComboFix2.txt 2012-06-26 07:22
.
Pre-Run: 205 672 566 784 bytes free
Post-Run: 205 619 961 856 bytes free
.
- - End Of File - - 39182626C1142EE5569146D37F7B675E

#7 Příspěvek od **Mc_Murphy** » 26 čer 2012 16:07

No jo... ono by to chtělo trošku trpělivosti, viď?

Hele, takhle... příště, když napíšu SP2 a potom CF, tak proveď SP2 a potom CF. Ne SP2 - nepovede se, tak CF, pak zkusím znovu SP2 - výborně, funguje, tak další CF... to je fakt k ničemu.
SP2 bychom vyřešili později a CF vážně není hračka na hraní.

Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.

Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
Zkopíruj do něj tento script:

Kód: Vybrat vše

KillAll::

Folder::
c:\users\Dluhosova\AppData\Local\Facebook
C:\Program Files\DAEMON Tools Toolbar

File::
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
C:\Program Files\BS_Player\tbBS_1.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"Skype"=-
"DAEMON Tools Lite"=-
"Facebook Update"=-
"GameXN GO"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=-
"NeroFilterCheck"=-
"NBKeyScan"=-
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
"DivXUpdate"=-
"Windows Defender"=-

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1750559

Firefox::
FF - ProfilePath - c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net

ClearJavaCache::

AtJob::

Reboot::

Ulož vytvořený TXT jako CFScript.txt
Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.

Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.

m_artin · #8 Příspěvek od **m_artin** » 27 čer 2012 16:29

ulozeny txt-ovy dokument som dal do Combofix, po reštarte pc vybehla hlaška s nazvom: "Program LUpdate MFC Application prestal pracovať. Problém zapríčinil, že program prestal správne pracovať. Systém Windows program zavrie a upozroní vás, ak zistí dostupné riešenie.
Nasledne som sa pokusil otvoriť internetovy prehliadač, ale neuspešne /nejaka hlaška, ze registry su pripravene na odstranenie/... reštartoval som PC a už prehliadače idu...

Tu je log z Combofix:

ComboFix 12-06-26.02 - Dluhosova . 06. 2012 17:07:54.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.2047.1284 [GMT 2:00]
Running from: c:\users\Dluhosova\Desktop\ComboFix.exe
Command switches used :: c:\users\Dluhosova\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\BS_Player\tbBS_1.dll"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.xpt
c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome\skype_ff_extension.jar
c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\install.rdf
c:\users\Dluhosova\AppData\Local\Facebook
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\Dluhosova\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\FacebookVideoCalling
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\call256.dbb
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\callmember256.dbb
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\callmember512.dbb
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\config.lck
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\config.xml
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\contactgroup256.dbb
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\conversation256.dbb
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\chatmsg1024.dbb
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\index2.dat
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\main.lock
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\participant256.dbb
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\fb#3aac49oxbh3pjofierkny2sdetzwptt1mrvwaiatppdesnourol-rx40y2bf1vy1e8cla\profile256.dbb
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\shared.lck
c:\users\Dluhosova\AppData\Local\Facebook\Video\Common\shared.xml
c:\users\Dluhosova\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
c:\users\Dluhosova\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
c:\users\Dluhosova\AppData\Local\Facebook\Video\Skype\third-party_attributions.txt
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\illimitux@illimitux.net
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\illimitux@illimitux.net\chrome.manifest
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\illimitux@illimitux.net\chrome\illimitux.jar
c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\extensions\illimitux@illimitux.net\install.rdf
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-140570388-2203483276-3984906766-1000UA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 15:13 . 2012-06-27 15:13 -------- d-----w- c:\users\Dluhosova\AppData\Local\temp
2012-06-27 15:13 . 2012-06-27 15:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 08:31 . 2012-06-26 08:31 98816 ----a-w- c:\windows\system32\mfps.dll
2012-06-26 08:29 . 2012-06-26 08:29 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-06-26 08:29 . 2012-06-26 08:29 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-06-26 08:29 . 2012-06-26 08:29 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-06-26 08:29 . 2012-06-26 08:29 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-06-26 08:29 . 2012-06-26 08:29 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-06-26 08:29 . 2012-06-26 08:29 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-06-26 08:29 . 2012-06-26 08:29 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-06-26 08:11 . 2012-06-26 08:11 -------- d-----w- c:\windows\system32\ca-ES
2012-06-26 08:11 . 2012-06-26 08:11 -------- d-----w- c:\windows\system32\eu-ES
2012-06-26 08:11 . 2012-06-26 08:11 -------- d-----w- c:\windows\system32\vi-VN
2012-06-26 08:05 . 2012-06-26 08:05 -------- d-----w- c:\windows\system32\SPReview
2012-06-26 07:56 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-06-26 07:56 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2012-06-26 07:51 . 2009-04-10 21:28 41984 ----a-w- c:\windows\system32\mimefilt.dll
2012-06-26 07:50 . 2009-04-10 21:28 663552 ----a-w- c:\program files\Common Files\System\Ole DB\sqloledb.dll
2012-06-25 16:22 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-06-25 16:22 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-06-25 16:22 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-06-25 15:52 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 08:33 . 2012-06-26 08:33 203776 ----a-w- c:\windows\system32\webcheck.dll
2012-06-26 08:29 . 2012-06-26 08:29 4096 ----a-w- c:\windows\system32\drivers\sk-SK\dxgkrnl.sys.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0470Ext.ax"="c:\windows\system32\V0470Ext.ax" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-02 6335008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-14 614400]
"4600 Scan2PC"="c:\windows\twain_32\Samsung\SCX4600\Scan2Pc.exe" [2009-09-10 1968640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-140570388-2203483276-3984906766-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Dluhosova\AppData\Roaming\Mozilla\Firefox\Profiles\66ndvd3v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-27 17:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-06-27 17:19:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 15:19
ComboFix2.txt 2012-06-26 09:02
ComboFix3.txt 2012-06-26 07:22
.
Pre-Run: 204 084 355 072 bytes free
Post-Run: 203 949 101 056 bytes free
.
- - End Of File - - 5019ABD2D46C88897F1C14BD1FC52440

#9 Příspěvek od **Mc_Murphy** » 28 čer 2012 07:35

Dobrá. Jak se chová počítač teď?

Hoď mi sem prosím nový aktuální log ze RSITu, ať se přesvědčím, co se povedlo a co ne.

m_artin · #10 Příspěvek od **m_artin** » 28 čer 2012 18:47

Počítač šlape...

nebadam nejake zmeny v spomaleni, alebo zasekavani, možno by som skôr povedal, že ide mierne lepšie a plynulejšie.. zatiaľ všetko funguje...

Tu je log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dluhosova at 2012-06-28 19:44:24
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 193 GB (81%) free of 238 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:36, on 28. 6. 2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\V0470Mon.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Dluhosova\Desktop\RSIT.exe
C:\Program Files\trend micro\Dluhosova.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [V0470Mon.exe] C:\Windows\V0470Mon.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4600 Scan2PC] "C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [C:\Windows\system32\V0470Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0470Ext.ax
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10y_Plugin.exe -update plugin
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 4302 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-10-02 6335008]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-11-12 13675040]
"V0470Mon.exe"=C:\Windows\V0470Mon.exe [2007-04-11 32768]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2009-08-14 614400]
"4600 Scan2PC"=C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe [2009-09-10 1968640]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"C:\Windows\system32\V0470Ext.ax"=C:\Windows\system32\RegSvr32.exe [2006-11-02 14336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"=C:\Users\Dluhosova\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2007-05-02 151552]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil10y_Plugin.exe [2011-12-02 243872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2012-06-27 17:19:46 ----A---- C:\ComboFix.txt
2012-06-27 17:18:56 ----SHD---- C:\$RECYCLE.BIN
2012-06-27 17:13:57 ----D---- C:\Windows\temp
2012-06-27 17:06:45 ----D---- C:\ComboFix
2012-06-26 10:33:37 ----A---- C:\Windows\system32\wininet.dll
2012-06-26 10:33:37 ----A---- C:\Windows\system32\msls31.dll
2012-06-26 10:33:37 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-26 10:33:36 ----A---- C:\Windows\system32\urlmon.dll
2012-06-26 10:33:36 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2012-06-26 10:33:36 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2012-06-26 10:33:36 ----A---- C:\Windows\system32\msrating.dll
2012-06-26 10:33:36 ----A---- C:\Windows\system32\mshtmler.dll
2012-06-26 10:33:36 ----A---- C:\Windows\system32\ieui.dll
2012-06-26 10:33:36 ----A---- C:\Windows\system32\iesysprep.dll
2012-06-26 10:33:36 ----A---- C:\Windows\system32\iertutil.dll
2012-06-26 10:33:36 ----A---- C:\Windows\system32\ieframe.dll
2012-06-26 10:33:35 ----A---- C:\Windows\system32\ieapfltr.dll
2012-06-26 10:33:35 ----A---- C:\Windows\system32\icardie.dll
2012-06-26 10:33:35 ----A---- C:\Windows\system32\dxtrans.dll
2012-06-26 10:33:35 ----A---- C:\Windows\system32\dxtmsft.dll
2012-06-26 10:33:34 ----A---- C:\Windows\system32\wextract.exe
2012-06-26 10:33:34 ----A---- C:\Windows\system32\webcheck.dll
2012-06-26 10:33:34 ----A---- C:\Windows\system32\url.dll
2012-06-26 10:33:34 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-26 10:33:34 ----A---- C:\Windows\system32\licmgr10.dll
2012-06-26 10:33:34 ----A---- C:\Windows\system32\inseng.dll
2012-06-26 10:33:34 ----A---- C:\Windows\system32\iesetup.dll
2012-06-26 10:33:34 ----A---- C:\Windows\system32\iernonce.dll
2012-06-26 10:33:34 ----A---- C:\Windows\system32\iedkcs32.dll
2012-06-26 10:33:34 ----A---- C:\Windows\system32\ie4uinit.exe
2012-06-26 10:33:33 ----A---- C:\Windows\system32\vbscript.dll
2012-06-26 10:33:33 ----A---- C:\Windows\system32\pngfilt.dll
2012-06-26 10:33:33 ----A---- C:\Windows\system32\occache.dll
2012-06-26 10:33:33 ----A---- C:\Windows\system32\mshtml.dll
2012-06-26 10:33:33 ----A---- C:\Windows\system32\mshta.exe
2012-06-26 10:33:33 ----A---- C:\Windows\system32\msfeeds.dll
2012-06-26 10:33:33 ----A---- C:\Windows\system32\iexpress.exe
2012-06-26 10:33:33 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-26 10:33:33 ----A---- C:\Windows\system32\ieakui.dll
2012-06-26 10:33:33 ----A---- C:\Windows\system32\ieaksie.dll
2012-06-26 10:33:33 ----A---- C:\Windows\system32\admparse.dll
2012-06-26 10:33:32 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-06-26 10:33:32 ----A---- C:\Windows\system32\jscript9.dll
2012-06-26 10:33:32 ----A---- C:\Windows\system32\jscript.dll
2012-06-26 10:33:32 ----A---- C:\Windows\system32\imgutil.dll
2012-06-26 10:33:32 ----A---- C:\Windows\system32\iepeers.dll
2012-06-26 10:33:32 ----A---- C:\Windows\system32\advpack.dll
2012-06-26 10:33:31 ----A---- C:\Windows\system32\msfeedssync.exe
2012-06-26 10:33:31 ----A---- C:\Windows\system32\ieakeng.dll
2012-06-26 10:33:31 ----A---- C:\Windows\system32\IEAdvpack.dll
2012-06-26 10:31:51 ----A---- C:\Windows\system32\mfreadwrite.dll
2012-06-26 10:31:51 ----A---- C:\Windows\system32\mfps.dll
2012-06-26 10:31:51 ----A---- C:\Windows\system32\mfmp4src.dll
2012-06-26 10:31:51 ----A---- C:\Windows\system32\MFHEAACdec.dll
2012-06-26 10:31:51 ----A---- C:\Windows\system32\MFH264Dec.dll
2012-06-26 10:31:51 ----A---- C:\Windows\system32\mf.dll
2012-06-26 10:31:50 ----A---- C:\Windows\system32\stobject.dll
2012-06-26 10:31:50 ----A---- C:\Windows\system32\shdocvw.dll
2012-06-26 10:31:50 ----A---- C:\Windows\system32\mfplat.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\XpsRasterService.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\FntCache.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\DWrite.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\d3d10warp.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\d3d10level9.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\d3d10core.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\d3d10_1core.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\d3d10_1.dll
2012-06-26 10:31:49 ----A---- C:\Windows\system32\d2d1.dll
2012-06-26 10:31:48 ----A---- C:\Windows\system32\dxgi.dll
2012-06-26 10:31:48 ----A---- C:\Windows\system32\d3d10.dll
2012-06-26 10:31:48 ----A---- C:\Windows\system32\cdd.dll
2012-06-26 10:31:47 ----A---- C:\Windows\system32\xpsservices.dll
2012-06-26 10:31:47 ----A---- C:\Windows\system32\XpsPrint.dll
2012-06-26 10:31:47 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2012-06-26 10:31:47 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2012-06-26 10:31:47 ----A---- C:\Windows\system32\OpcServices.dll
2012-06-26 10:29:40 ----A---- C:\Windows\system32\WMPhoto.dll
2012-06-26 10:29:40 ----A---- C:\Windows\system32\dxdiagn.dll
2012-06-26 10:29:40 ----A---- C:\Windows\system32\dxdiag.exe
2012-06-26 10:29:39 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2012-06-26 10:29:39 ----A---- C:\Windows\system32\WindowsCodecs.dll
2012-06-26 10:29:39 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2012-06-26 10:29:39 ----A---- C:\Windows\system32\d3d11.dll
2012-06-26 10:11:39 ----D---- C:\Windows\system32\vi-VN
2012-06-26 10:11:39 ----D---- C:\Windows\system32\eu-ES
2012-06-26 10:11:39 ----D---- C:\Windows\system32\ca-ES
2012-06-26 10:05:12 ----D---- C:\Windows\system32\SPReview
2012-06-26 09:56:14 ----A---- C:\Windows\system32\scavenge.dll
2012-06-26 09:56:09 ----A---- C:\Windows\system32\compcln.exe
2012-06-26 09:52:39 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2012-06-26 09:52:39 ----A---- C:\Windows\system32\secproc_ssp.dll
2012-06-26 09:52:39 ----A---- C:\Windows\system32\secproc_isv.dll
2012-06-26 09:52:39 ----A---- C:\Windows\system32\secproc.dll
2012-06-26 09:52:39 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2012-06-26 09:52:39 ----A---- C:\Windows\system32\SearchIndexer.exe
2012-06-26 09:52:39 ----A---- C:\Windows\system32\SearchFilterHost.exe
2012-06-26 09:52:39 ----A---- C:\Windows\system32\sdohlp.dll
2012-06-26 09:52:39 ----A---- C:\Windows\system32\rsaenh.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\scrrun.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\scrobj.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\scksp.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\scesrv.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\scecli.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\SCardSvr.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\scansetting.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\samsrv.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\samlib.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\rtffilt.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\rpchttp.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\rpcss.dll
2012-06-26 09:52:38 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2012-06-26 09:52:38 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2012-06-26 09:52:38 ----A---- C:\Windows\system32\RMActivate_isv.exe
2012-06-26 09:52:38 ----A---- C:\Windows\system32\RMActivate.exe
2012-06-26 09:52:38 ----A---- C:\Windows\system32\riched20.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\powercpl.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\PNPXAssoc.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\PnPutil.exe
2012-06-26 09:52:36 ----A---- C:\Windows\system32\PnPUnattend.exe
2012-06-26 09:52:36 ----A---- C:\Windows\system32\pnpui.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\pnpsetup.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\pnidui.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\PkgMgr.exe
2012-06-26 09:52:36 ----A---- C:\Windows\system32\pidgenx.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\photowiz.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\perfdisk.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\pdh.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\pcaui.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\p2psvc.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\P2PGraph.dll
2012-06-26 09:52:36 ----A---- C:\Windows\system32\nslookup.exe
2012-06-26 09:52:35 ----A---- C:\Windows\system32\osk.exe
2012-06-26 09:52:35 ----A---- C:\Windows\system32\oobefldr.dll
2012-06-26 09:52:35 ----A---- C:\Windows\system32\onex.dll
2012-06-26 09:52:35 ----A---- C:\Windows\system32\olepro32.dll
2012-06-26 09:52:35 ----A---- C:\Windows\system32\oleprn.dll
2012-06-26 09:52:35 ----A---- C:\Windows\system32\offfilt.dll
2012-06-26 09:52:35 ----A---- C:\Windows\system32\odbccp32.dll
2012-06-26 09:52:35 ----A---- C:\Windows\system32\odbcconf.dll
2012-06-26 09:52:35 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2012-06-26 09:52:35 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2012-06-26 09:52:35 ----A---- C:\Windows\system32\nlhtml.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\RelMon.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\regsvc.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rastapi.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rasppp.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rasplap.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rasmontr.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rasmans.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\raschap.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rasgcw.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rasdlg.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rasdial.exe
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rasdiag.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\rasapi32.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\RacEngn.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\Query.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\qmgr.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\qedit.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\ocsetup.exe
2012-06-26 09:52:34 ----A---- C:\Windows\system32\ntprint.dll
2012-06-26 09:52:34 ----A---- C:\Windows\system32\ntmarta.dll
2012-06-26 09:52:33 ----A---- C:\Windows\system32\rekeywiz.exe
2012-06-26 09:52:33 ----A---- C:\Windows\system32\regapi.dll
2012-06-26 09:52:33 ----A---- C:\Windows\system32\reg.exe
2012-06-26 09:52:33 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-26 09:52:33 ----A---- C:\Windows\system32\rdpencom.dll
2012-06-26 09:52:33 ----A---- C:\Windows\system32\prnntfy.dll
2012-06-26 09:52:33 ----A---- C:\Windows\system32\printui.dll
2012-06-26 09:52:33 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2012-06-26 09:52:33 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2012-06-26 09:52:33 ----A---- C:\Windows\system32\PresentationHost.exe
2012-06-26 09:52:33 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-06-26 09:52:33 ----A---- C:\Windows\system32\powrprof.dll
2012-06-26 09:52:32 ----A---- C:\Windows\system32\qdvd.dll
2012-06-26 09:52:32 ----A---- C:\Windows\system32\QAGENTRT.DLL
2012-06-26 09:52:32 ----A---- C:\Windows\system32\puiapi.dll
2012-06-26 09:52:32 ----A---- C:\Windows\system32\psisdecd.dll
2012-06-26 09:52:32 ----A---- C:\Windows\system32\PSHED.DLL
2012-06-26 09:52:32 ----A---- C:\Windows\system32\propsys.dll
2012-06-26 09:52:32 ----A---- C:\Windows\system32\propdefs.dll
2012-06-26 09:52:32 ----A---- C:\Windows\system32\profsvc.dll
2012-06-26 09:52:30 ----A---- C:\Windows\system32\sendmail.dll
2012-06-26 09:52:27 ----A---- C:\Windows\system32\setupapi.dll
2012-06-26 09:52:27 ----A---- C:\Windows\system32\sethc.exe
2012-06-26 09:52:27 ----A---- C:\Windows\system32\services.exe
2012-06-26 09:52:21 ----A---- C:\Windows\system32\eapphost.dll
2012-06-26 09:52:21 ----A---- C:\Windows\system32\eappgnui.dll
2012-06-26 09:52:20 ----A---- C:\Windows\system32\f3ahvoas.dll
2012-06-26 09:52:20 ----A---- C:\Windows\system32\ExplorerFrame.dll
2012-06-26 09:52:20 ----A---- C:\Windows\system32\evr.dll
2012-06-26 09:52:20 ----A---- C:\Windows\system32\eudcedit.exe
2012-06-26 09:52:20 ----A---- C:\Windows\system32\esent.dll
2012-06-26 09:52:20 ----A---- C:\Windows\system32\EhStorAPI.dll
2012-06-26 09:52:20 ----A---- C:\Windows\system32\eappcfg.dll
2012-06-26 09:52:20 ----A---- C:\Windows\system32\eapp3hst.dll
2012-06-26 09:52:20 ----A---- C:\Windows\system32\dwm.exe
2012-06-26 09:52:20 ----A---- C:\Windows\system32\dsprop.dll
2012-06-26 09:52:20 ----A---- C:\Windows\system32\dsound.dll
2012-06-26 09:52:20 ----A---- C:\Windows\explorer.exe
2012-06-26 09:52:19 ----A---- C:\Windows\system32\es.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\emdmgmt.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\EhStorShell.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\EhStorAuthn.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\drvstore.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\drvinst.exe
2012-06-26 09:52:19 ----A---- C:\Windows\system32\drmv2clt.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\drmmgrtn.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\dpapimig.exe
2012-06-26 09:52:19 ----A---- C:\Windows\system32\dot3svc.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\dot3msm.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\dot3cfg.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\diskraid.exe
2012-06-26 09:52:19 ----A---- C:\Windows\system32\diskpart.exe
2012-06-26 09:52:19 ----A---- C:\Windows\system32\dimsroam.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\diagperf.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\dhcpcsvc.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\dfsr.exe
2012-06-26 09:52:19 ----A---- C:\Windows\system32\dfshim.dll
2012-06-26 09:52:19 ----A---- C:\Windows\system32\devmgr.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\iasnap.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\IasMigReader.exe
2012-06-26 09:52:18 ----A---- C:\Windows\system32\IasMigPlugin.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\iashlpr.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\iasdatastore.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\iasads.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\iasacct.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\hbaapi.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\gpupdate.exe
2012-06-26 09:52:18 ----A---- C:\Windows\system32\gpsvc.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\gpresult.exe
2012-06-26 09:52:18 ----A---- C:\Windows\system32\dmusic.dll
2012-06-26 09:52:18 ----A---- C:\Windows\system32\dmsynth.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\hidserv.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\hdwwiz.exe
2012-06-26 09:52:17 ----A---- C:\Windows\system32\gpapi.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\gdi32.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\fontext.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\findstr.exe
2012-06-26 09:52:17 ----A---- C:\Windows\system32\feclient.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\fdWSD.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\fdWCN.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\fdSSDP.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\fdProxy.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\fdeploy.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\fdBthProxy.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\fdBth.dll
2012-06-26 09:52:17 ----A---- C:\Windows\system32\fc.exe
2012-06-26 09:52:17 ----A---- C:\Windows\system32\Faultrep.dll
2012-06-26 09:52:16 ----A---- C:\Windows\system32\gpedit.dll
2012-06-26 09:52:16 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2012-06-26 09:52:16 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2012-06-26 09:52:16 ----A---- C:\Windows\system32\fundisc.dll
2012-06-26 09:52:16 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2012-06-26 09:52:16 ----A---- C:\Windows\system32\ftp.exe
2012-06-26 09:52:16 ----A---- C:\Windows\system32\autochk.exe
2012-06-26 09:52:16 ----A---- C:\Windows\system32\authz.dll
2012-06-26 09:52:16 ----A---- C:\Windows\system32\authui.dll
2012-06-26 09:52:16 ----A---- C:\Windows\system32\audiosrv.dll
2012-06-26 09:52:16 ----A---- C:\Windows\system32\AudioSes.dll
2012-06-26 09:52:16 ----A---- C:\Windows\system32\audiodg.exe
2012-06-26 09:52:15 ----A---- C:\Windows\system32\autoplay.dll
2012-06-26 09:52:15 ----A---- C:\Windows\system32\autofmt.exe
2012-06-26 09:52:15 ----A---- C:\Windows\system32\autoconv.exe
2012-06-26 09:52:14 ----A---- C:\Windows\system32\bthci.dll
2012-06-26 09:52:14 ----A---- C:\Windows\system32\browseui.dll
2012-06-26 09:52:14 ----A---- C:\Windows\system32\brcpl.dll
2012-06-26 09:52:14 ----A---- C:\Windows\system32\blackbox.dll
2012-06-26 09:52:14 ----A---- C:\Windows\system32\bitsigd.dll
2012-06-26 09:52:14 ----A---- C:\Windows\system32\BFE.DLL
2012-06-26 09:52:14 ----A---- C:\Windows\system32\bcrypt.dll
2012-06-26 09:52:14 ----A---- C:\Windows\system32\basecsp.dll
2012-06-26 09:52:14 ----A---- C:\Windows\system32\azroles.dll
2012-06-26 09:52:14 ----A---- C:\Windows\system32\accessibilitycpl.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\crypt32.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\credui.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\conime.exe
2012-06-26 09:52:13 ----A---- C:\Windows\system32\comuid.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\comsvcs.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\apphelp.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\apds.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\advapi32.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\adtschema.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\adsmsext.dll
2012-06-26 09:52:13 ----A---- C:\Windows\system32\adsldpc.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2012-06-26 09:52:12 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\DevicePairing.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\DeviceEject.exe
2012-06-26 09:52:12 ----A---- C:\Windows\system32\dbgeng.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\davclnt.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\dataclen.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\d3d9.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\csrstub.exe
2012-06-26 09:52:12 ----A---- C:\Windows\system32\cscript.exe
2012-06-26 09:52:12 ----A---- C:\Windows\system32\cscdll.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\cscapi.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\cryptui.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\connect.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\comdlg32.dll
2012-06-26 09:52:12 ----A---- C:\Windows\system32\cmmon32.exe
2012-06-26 09:52:12 ----A---- C:\Windows\system32\cmdial32.dll
2012-06-26 09:52:11 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2012-06-26 09:52:11 ----A---- C:\Windows\system32\chsbrkr.dll
2012-06-26 09:52:11 ----A---- C:\Windows\system32\cipher.exe
2012-06-26 09:52:11 ----A---- C:\Windows\system32\ci.dll
2012-06-26 09:52:11 ----A---- C:\Windows\system32\certmgr.dll
2012-06-26 09:52:11 ----A---- C:\Windows\system32\CertEnrollUI.dll
2012-06-26 09:52:11 ----A---- C:\Windows\system32\CertEnroll.dll
2012-06-26 09:52:11 ----A---- C:\Windows\system32\certcli.dll
2012-06-26 09:52:11 ----A---- C:\Windows\system32\cbsra.exe
2012-06-26 09:52:11 ----A---- C:\Windows\system32\bthudtask.exe
2012-06-26 09:52:11 ----A---- C:\Windows\system32\bthserv.dll
2012-06-26 09:52:10 ----A---- C:\Windows\system32\msihnd.dll
2012-06-26 09:52:10 ----A---- C:\Windows\system32\msiexec.exe
2012-06-26 09:52:10 ----A---- C:\Windows\system32\msi.dll
2012-06-26 09:52:10 ----A---- C:\Windows\system32\msftedit.dll
2012-06-26 09:52:10 ----A---- C:\Windows\system32\msexch40.dll
2012-06-26 09:52:10 ----A---- C:\Windows\system32\msexcl40.dll
2012-06-26 09:52:10 ----A---- C:\Windows\system32\msdtctm.dll
2012-06-26 09:52:10 ----A---- C:\Windows\system32\chtbrkr.dll
2012-06-26 09:52:10 ----A---- C:\Windows\system32\certutil.exe
2012-06-26 09:52:10 ----A---- C:\Windows\system32\certreq.exe
2012-06-26 09:52:10 ----A---- C:\Windows\system32\certprop.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\msimsg.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\msdtcprx.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\msdrm.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\msctfui.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\msctfp.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\msctf.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\MPSSVC.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\mprapi.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\mpr.dll
2012-06-26 09:52:09 ----A---- C:\Windows\system32\MMDevAPI.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\netplwiz.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\netlogon.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\netcenter.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\netapi32.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\ncryptui.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\ncrypt.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\mtxclu.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\mscories.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\mscorier.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\mscoree.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\mscms.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\mscandui.dll
2012-06-26 09:52:08 ----A---- C:\Windows\system32\modemui.dll
2012-06-26 09:52:06 ----A---- C:\Windows\system32\NcdProp.dll
2012-06-26 09:52:06 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\newdev.exe
2012-06-26 09:52:05 ----A---- C:\Windows\system32\newdev.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\networkmap.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\networkitemfactory.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\networkexplorer.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\netshell.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\msscntrs.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\msscb.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\msrepl40.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\msrd3x40.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\mspbde40.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\msnetobj.dll
2012-06-26 09:52:05 ----A---- C:\Windows\system32\msltus40.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msxbde40.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\mswstr10.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\mswsock.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\mswdat10.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\MSVidCtl.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msvcrt.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msvcp60.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msutb.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\mssrch.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\mssprxy.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\mssphtb.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\mssph.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msshooks.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msrd2x40.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msjtes40.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msjter40.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msjint40.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msjetoledb40.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msjet40.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msisip.dll
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msinfo32.exe
2012-06-26 09:52:04 ----A---- C:\Windows\system32\msimtf.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\mstlsapi.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\mstext40.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\mssvp.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\msstrc.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\mssitlb.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\msshsq.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\msscp.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\InkEd.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\infocardapi.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\inetppui.dll
2012-06-26 09:52:03 ----A---- C:\Windows\system32\inetpp.dll
2012-06-26 09:52:02 ----A---- C:\Windows\system32\iscsilog.dll
2012-06-26 09:52:02 ----A---- C:\Windows\system32\ipsmsnap.dll
2012-06-26 09:52:02 ----A---- C:\Windows\system32\IPSECSVC.DLL
2012-06-26 09:52:02 ----A---- C:\Windows\system32\imm32.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\ipsecsnp.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2012-06-26 09:52:01 ----A---- C:\Windows\system32\ipconfig.exe
2012-06-26 09:52:01 ----A---- C:\Windows\system32\input.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\IMJP10K.DLL
2012-06-26 09:52:01 ----A---- C:\Windows\system32\ifmon.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\icardres.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\icardagt.exe
2012-06-26 09:52:01 ----A---- C:\Windows\system32\iassvcs.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\iassdo.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\iassam.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\iasrecst.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\iasrad.dll
2012-06-26 09:52:01 ----A---- C:\Windows\system32\iaspolcy.dll
2012-06-26 09:52:00 ----A---- C:\Windows\system32\imapi2fs.dll
2012-06-26 09:52:00 ----A---- C:\Windows\system32\imapi2.dll
2012-06-26 09:52:00 ----A---- C:\Windows\system32\imapi.dll
2012-06-26 09:52:00 ----A---- C:\Windows\system32\IKEEXT.DLL
2012-06-26 09:51:58 ----A---- C:\Windows\system32\mimefilt.dll
2012-06-26 09:51:58 ----A---- C:\Windows\system32\milcore.dll
2012-06-26 09:51:58 ----A---- C:\Windows\system32\midimap.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\mmcndmgr.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\mmcico.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\mmci.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\mmc.exe
2012-06-26 09:51:57 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\mblctr.exe
2012-06-26 09:51:57 ----A---- C:\Windows\system32\logman.exe
2012-06-26 09:51:57 ----A---- C:\Windows\system32\logagent.exe
2012-06-26 09:51:57 ----A---- C:\Windows\system32\l2nacp.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\korwbrkr.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\kdusb.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\kdcom.dll
2012-06-26 09:51:57 ----A---- C:\Windows\system32\kd1394.dll
2012-06-26 09:51:56 ----A---- C:\Windows\system32\shsetup.dll
2012-06-26 09:51:56 ----A---- C:\Windows\system32\Magnify.exe
2012-06-26 09:51:55 ----A---- C:\Windows\system32\wercon.exe
2012-06-26 09:51:55 ----A---- C:\Windows\system32\WebClnt.dll
2012-06-26 09:51:54 ----A---- C:\Windows\system32\wer.dll
2012-06-26 09:51:54 ----A---- C:\Windows\system32\wdscore.dll
2012-06-26 09:51:53 ----A---- C:\Windows\system32\wdc.dll
2012-06-26 09:51:49 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2012-06-26 09:51:46 ----A---- C:\Windows\system32\whealogr.dll
2012-06-26 09:51:46 ----A---- C:\Windows\system32\wevtutil.exe
2012-06-26 09:51:46 ----A---- C:\Windows\system32\wevtsvc.dll
2012-06-26 09:51:45 ----A---- C:\Windows\system32\WerFaultSecure.exe
2012-06-26 09:51:44 ----A---- C:\Windows\system32\wevtapi.dll
2012-06-26 09:51:44 ----A---- C:\Windows\system32\wersvc.dll
2012-06-26 09:51:44 ----A---- C:\Windows\system32\WerFault.exe
2012-06-26 09:51:43 ----A---- C:\Windows\system32\win32spl.dll
2012-06-26 09:51:42 ----A---- C:\Windows\system32\wiaaut.dll
2012-06-26 09:51:41 ----A---- C:\Windows\system32\wiaservc.dll
2012-06-26 09:51:41 ----A---- C:\Windows\system32\version.dll
2012-06-26 09:51:41 ----A---- C:\Windows\system32\vdsutil.dll
2012-06-26 09:51:41 ----A---- C:\Windows\system32\vdsdyn.dll
2012-06-26 09:51:41 ----A---- C:\Windows\system32\vds.exe
2012-06-26 09:51:41 ----A---- C:\Windows\system32\vdmdbg.dll
2012-06-26 09:51:39 ----A---- C:\Windows\system32\uxsms.dll
2012-06-26 09:51:39 ----A---- C:\Windows\system32\Utilman.exe
2012-06-26 09:51:39 ----A---- C:\Windows\system32\user32.dll
2012-06-26 09:51:38 ----A---- C:\Windows\system32\userenv.dll
2012-06-26 09:51:38 ----A---- C:\Windows\system32\usercpl.dll
2012-06-26 09:51:33 ----A---- C:\Windows\system32\WcnNetsh.dll
2012-06-26 09:51:33 ----A---- C:\Windows\system32\wcncsvc.dll
2012-06-26 09:51:31 ----A---- C:\Windows\system32\wcnwiz2.dll
2012-06-26 09:51:28 ----A---- C:\Windows\system32\wcnwiz.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\WSDMon.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\wsdchngr.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\wscsvc.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\wscript.exe
2012-06-26 09:51:26 ----A---- C:\Windows\system32\wscntfy.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\wscisvif.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\WscEapPr.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\wscapi.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\wow32.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\WMVXENCD.DLL
2012-06-26 09:51:26 ----A---- C:\Windows\system32\WMVSDECD.DLL
2012-06-26 09:51:26 ----A---- C:\Windows\system32\WMVENCOD.DLL
2012-06-26 09:51:26 ----A---- C:\Windows\system32\w32time.dll
2012-06-26 09:51:26 ----A---- C:\Windows\system32\VSSVC.exe
2012-06-26 09:51:26 ----A---- C:\Windows\system32\vssapi.dll
2012-06-26 09:51:08 ----A---- C:\Windows\system32\xmlfilter.dll
2012-06-26 09:51:08 ----A---- C:\Windows\system32\wusa.exe
2012-06-26 09:51:08 ----A---- C:\Windows\system32\wsepno.dll
2012-06-26 09:51:08 ----A---- C:\Windows\system32\wpcsvc.dll
2012-06-26 09:51:08 ----A---- C:\Windows\system32\wpccpl.dll
2012-06-26 09:51:08 ----A---- C:\Windows\system32\wpcao.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\wsnmp32.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\WsmSvc.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\wshext.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\wshbth.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\wlgpclnt.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\Wldap32.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\wlanui.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\wlanpref.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\wlangpui.dll
2012-06-26 09:51:07 ----A---- C:\Windows\system32\wisptis.exe
2012-06-26 09:51:06 ----A---- C:\Windows\system32\wmpeffects.dll
2012-06-26 09:51:06 ----A---- C:\Windows\system32\WMNetMgr.dll
2012-06-26 09:51:06 ----A---- C:\Windows\system32\WinSCard.dll
2012-06-26 09:51:06 ----A---- C:\Windows\system32\WinSAT.exe
2012-06-26 09:51:06 ----A---- C:\Windows\system32\winrnr.dll
2012-06-26 09:51:06 ----A---- C:\Windows\system32\winresume.exe
2012-06-26 09:51:06 ----A---- C:\Windows\system32\winmm.dll
2012-06-26 09:51:06 ----A---- C:\Windows\system32\winlogon.exe
2012-06-26 09:51:06 ----A---- C:\Windows\system32\winload.exe
2012-06-26 09:51:05 ----A---- C:\Windows\system32\wmdrmsdk.dll
2012-06-26 09:51:05 ----A---- C:\Windows\system32\sud.dll
2012-06-26 09:51:05 ----A---- C:\Windows\system32\Storprop.dll
2012-06-26 09:51:04 ----A---- C:\Windows\system32\srchadmin.dll
2012-06-26 09:51:04 ----A---- C:\Windows\system32\srcore.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\sysmain.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\sysclass.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\SyncCenter.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\swprv.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\smss.exe
2012-06-26 09:51:00 ----A---- C:\Windows\system32\SmiEngine.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\SMBHelperClass.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\slwmi.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\slwga.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\SLUI.exe
2012-06-26 09:51:00 ----A---- C:\Windows\system32\SLsvc.exe
2012-06-26 09:51:00 ----A---- C:\Windows\system32\slmgr.vbs
2012-06-26 09:51:00 ----A---- C:\Windows\system32\slcc.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\SLC.dll
2012-06-26 09:51:00 ----A---- C:\Windows\system32\shwebsvc.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\sqlsrv32.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\spwizui.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\spwinsat.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\spreview.exe
2012-06-26 09:50:59 ----A---- C:\Windows\system32\spp.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\spoolss.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\spinstall.exe
2012-06-26 09:50:59 ----A---- C:\Windows\system32\sperror.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\spcmsg.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\SndVol.exe
2012-06-26 09:50:59 ----A---- C:\Windows\system32\SLUINotify.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\SLLUA.exe
2012-06-26 09:50:59 ----A---- C:\Windows\system32\SLCommDlg.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\slcinst.dll
2012-06-26 09:50:59 ----A---- C:\Windows\system32\SLCExt.dll
2012-06-26 09:50:58 ----A---- C:\Windows\system32\TsWpfWrp.exe
2012-06-26 09:50:58 ----A---- C:\Windows\system32\TSTheme.exe
2012-06-26 09:50:58 ----A---- C:\Windows\system32\softkbd.dll
2012-06-26 09:50:53 ----A---- C:\Windows\system32\zipfldr.dll
2012-06-26 09:50:53 ----A---- C:\Windows\system32\untfs.dll
2012-06-26 09:50:53 ----A---- C:\Windows\system32\umpnpmgr.dll
2012-06-26 09:50:53 ----A---- C:\Windows\system32\ulib.dll
2012-06-26 09:50:53 ----A---- C:\Windows\system32\uDWM.dll
2012-06-26 09:50:53 ----A---- C:\Windows\system32\systemcpl.dll
2012-06-26 09:50:52 ----A---- C:\Windows\system32\tquery.dll
2012-06-26 09:50:52 ----A---- C:\Windows\system32\themeui.dll
2012-06-26 09:50:52 ----A---- C:\Windows\system32\themecpl.dll
2012-06-26 09:50:52 ----A---- C:\Windows\system32\thawbrkr.dll
2012-06-26 09:50:52 ----A---- C:\Windows\system32\termsrv.dll
2012-06-26 09:50:52 ----A---- C:\Windows\system32\tcpmon.dll
2012-06-26 09:50:52 ----A---- C:\Windows\system32\tcpipcfg.dll
2012-06-26 09:50:52 ----A---- C:\Windows\system32\tapisrv.dll
2012-06-26 09:00:12 ----A---- C:\Windows\zip.exe
2012-06-26 09:00:12 ----A---- C:\Windows\SWSC.exe
2012-06-26 09:00:12 ----A---- C:\Windows\SWREG.exe
2012-06-26 09:00:12 ----A---- C:\Windows\sed.exe
2012-06-26 09:00:12 ----A---- C:\Windows\PEV.exe
2012-06-26 09:00:12 ----A---- C:\Windows\NIRCMD.exe
2012-06-26 09:00:12 ----A---- C:\Windows\MBR.exe
2012-06-26 09:00:12 ----A---- C:\Windows\grep.exe
2012-06-25 18:22:29 ----A---- C:\Windows\system32\gameux.dll
2012-06-25 18:22:28 ----A---- C:\Windows\system32\Apphlpdm.dll
2012-06-25 18:22:27 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2012-06-25 18:22:00 ----A---- C:\Windows\system32\kernel32.dll

======List of files/folders modified in the last 1 months======

2012-06-28 19:44:25 ----D---- C:\Program Files\trend micro
2012-06-28 19:32:18 ----D---- C:\Windows\System32
2012-06-28 19:32:18 ----D---- C:\Windows\inf
2012-06-28 19:32:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-28 19:28:30 ----D---- C:\Program Files\Mozilla Firefox
2012-06-28 15:55:48 ----D---- C:\Windows
2012-06-28 08:17:43 ----D---- C:\Windows\system32\catroot2
2012-06-27 17:56:02 ----SHD---- C:\System Volume Information
2012-06-27 17:19:49 ----D---- C:\Windows\system32\drivers
2012-06-27 17:19:49 ----D---- C:\Qoobox
2012-06-27 17:15:19 ----A---- C:\Windows\system.ini
2012-06-27 17:14:00 ----D---- C:\Windows\ERDNT
2012-06-27 17:13:23 ----RD---- C:\Program Files
2012-06-27 17:13:23 ----D---- C:\Windows\Tasks
2012-06-27 17:10:57 ----D---- C:\Windows\AppPatch
2012-06-27 17:10:56 ----D---- C:\Program Files\Common Files
2012-06-27 16:49:41 ----D---- C:\Users\Dluhosova\AppData\Roaming\Skype
2012-06-27 16:49:37 ----D---- C:\ProgramData\GameXN
2012-06-27 16:04:34 ----D---- C:\Users\Dluhosova\AppData\Roaming\go
2012-06-27 09:42:51 ----A---- C:\Windows\Slovnik.INI
2012-06-26 11:03:22 ----D---- C:\Windows\rescache
2012-06-26 10:36:07 ----RD---- C:\Windows\Offline Web Pages
2012-06-26 10:36:07 ----D---- C:\Windows\system32\wbem
2012-06-26 10:36:07 ----D---- C:\Windows\system32\sk-SK
2012-06-26 10:36:07 ----D---- C:\Windows\system32\migration
2012-06-26 10:36:07 ----D---- C:\Windows\system32\en-US
2012-06-26 10:36:07 ----D---- C:\Windows\PolicyDefinitions
2012-06-26 10:36:07 ----D---- C:\Program Files\Internet Explorer
2012-06-26 10:36:05 ----SD---- C:\Windows\Downloaded Program Files
2012-06-26 10:35:06 ----D---- C:\Windows\winsxs
2012-06-26 10:35:02 ----D---- C:\Windows\system32\catroot
2012-06-26 10:34:05 ----D---- C:\Windows\SoftwareDistribution
2012-06-26 10:19:49 ----D---- C:\Windows\Microsoft.NET
2012-06-26 10:19:48 ----RSD---- C:\Windows\assembly
2012-06-26 10:17:03 ----D---- C:\Boot
2012-06-26 10:12:00 ----D---- C:\Program Files\Windows Sidebar
2012-06-26 10:12:00 ----D---- C:\Program Files\Windows Photo Gallery
2012-06-26 10:12:00 ----D---- C:\Program Files\Windows Media Player
2012-06-26 10:12:00 ----D---- C:\Program Files\Windows Mail
2012-06-26 10:12:00 ----D---- C:\Program Files\Windows Collaboration
2012-06-26 10:12:00 ----D---- C:\Program Files\Windows Calendar
2012-06-26 10:12:00 ----D---- C:\Program Files\Movie Maker
2012-06-26 10:11:56 ----D---- C:\Windows\servicing
2012-06-26 10:11:56 ----D---- C:\Program Files\Windows Defender
2012-06-26 10:11:56 ----D---- C:\Program Files\Common Files\System
2012-06-26 10:11:55 ----D---- C:\Windows\IME
2012-06-26 10:11:54 ----D---- C:\Windows\system32\XPSViewer
2012-06-26 10:11:54 ----D---- C:\Windows\system32\oobe
2012-06-26 10:11:54 ----D---- C:\Windows\system32\lv-LV
2012-06-26 10:11:54 ----D---- C:\Windows\system32\ko-KR
2012-06-26 10:11:54 ----D---- C:\Windows\system32\it-IT
2012-06-26 10:11:54 ----D---- C:\Windows\system32\hr-HR
2012-06-26 10:11:54 ----D---- C:\Windows\system32\et-EE
2012-06-26 10:11:54 ----D---- C:\Windows\system32\el-GR
2012-06-26 10:11:54 ----D---- C:\Windows\system32\de-DE
2012-06-26 10:11:54 ----D---- C:\Windows\system32\da-DK
2012-06-26 10:11:53 ----D---- C:\Windows\system32\zh-TW
2012-06-26 10:11:53 ----D---- C:\Windows\system32\zh-CN
2012-06-26 10:11:53 ----D---- C:\Windows\system32\uk-UA
2012-06-26 10:11:53 ----D---- C:\Windows\system32\th-TH
2012-06-26 10:11:53 ----D---- C:\Windows\system32\sv-SE
2012-06-26 10:11:53 ----D---- C:\Windows\system32\sr-Latn-CS
2012-06-26 10:11:53 ----D---- C:\Windows\system32\SLUI
2012-06-26 10:11:53 ----D---- C:\Windows\system32\sl-SI
2012-06-26 10:11:53 ----D---- C:\Windows\system32\setup
2012-06-26 10:11:53 ----D---- C:\Windows\system32\ru-RU
2012-06-26 10:11:53 ----D---- C:\Windows\system32\ro-RO
2012-06-26 10:11:53 ----D---- C:\Windows\system32\pt-PT
2012-06-26 10:11:53 ----D---- C:\Windows\system32\pl-PL
2012-06-26 10:11:53 ----D---- C:\Windows\system32\manifeststore
2012-06-26 10:11:53 ----D---- C:\Windows\system32\ja-JP
2012-06-26 10:11:53 ----D---- C:\Windows\system32\hu-HU
2012-06-26 10:11:53 ----D---- C:\Windows\system32\he-IL
2012-06-26 10:11:53 ----D---- C:\Windows\system32\fr-FR
2012-06-26 10:11:53 ----D---- C:\Windows\system32\fi-FI
2012-06-26 10:11:53 ----D---- C:\Windows\system32\es-ES
2012-06-26 10:11:53 ----D---- C:\Windows\system32\en
2012-06-26 10:11:53 ----D---- C:\Windows\system32\cs-CZ
2012-06-26 10:11:53 ----D---- C:\Windows\system32\bg-BG
2012-06-26 10:11:53 ----D---- C:\Windows\system32\AdvancedInstallers
2012-06-26 10:11:52 ----D---- C:\Windows\system32\tr-TR
2012-06-26 10:11:52 ----D---- C:\Windows\system32\pt-BR
2012-06-26 10:11:52 ----D---- C:\Windows\system32\nl-NL
2012-06-26 10:11:52 ----D---- C:\Windows\system32\nb-NO
2012-06-26 10:11:52 ----D---- C:\Windows\system32\migwiz
2012-06-26 10:11:52 ----D---- C:\Windows\system32\lt-LT
2012-06-26 10:11:52 ----D---- C:\Windows\system32\ar-SA
2012-06-26 10:11:43 ----RSD---- C:\Windows\Fonts
2012-06-26 10:11:39 ----D---- C:\Windows\system32\Boot
2012-06-26 10:10:03 ----D---- C:\Windows\system32\RTCOM
2012-06-26 09:19:55 ----D---- C:\ProgramData
2012-06-26 09:01:51 ----D---- C:\Windows\Prefetch
2012-06-25 19:10:08 ----D---- C:\Windows\Debug
2012-06-24 19:24:23 ----D---- C:\Users\Dluhosova\AppData\Roaming\skypePM
2012-06-22 09:08:51 ----A---- C:\Windows\NeroDigital.ini
2012-06-03 23:35:34 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-02-16 38400]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-02-19 5120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-10-02 2175256]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-11-12 7611360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-07 118784]
S3 a6xb3esz;a6xb3esz; C:\Windows\system32\drivers\a6xb3esz.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VF0470Vid;Live! Cam Notebook (VF0470); C:\Windows\system32\DRIVERS\V0470Vid.sys [2007-04-20 146368]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-11-12 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#11 Příspěvek od **Mc_Murphy** » 28 čer 2012 19:08

m_artin píše:Počítač šlape... nebadam nejake zmeny v spomaleni, alebo zasekavani, možno by som skôr povedal, že ide mierne lepšie a plynulejšie.. zatiaľ všetko funguje...

Super, to moc rád slyším.

Každopádně se mi ještě něco drobně nepozdává, tak pro jistotu proveď scan s MBAM podle návodu.

Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.

Proveď aktualizaci virové databáze.
V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
Předem nic nemaž!!
MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!

m_artin · #12 Příspěvek od **m_artin** » 29 čer 2012 10:12

MBAM použivam už dosť často, zda sa mi najlepši na malware a spyware.. tak raz za mesiac prebehnem s MBAM,ale väčšinou rychlu kontrolu...teraz som ho zaktualizoval a dal uplnu kontrolu... robil cez 2 hodiny a našiel 3 skodlive subory.. myslim, že niesu dôlezite... tu je log:

Malwarebytes Anti-Malware (Skúšobná verzia) 1.61.0.1400
www.malwarebytes.org

Verzia databázy: v2012.06.29.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dluhosova :: DLUHOSOVA-PC [administrátor]

Ochrana: Vypnuté

29. 6. 2012 8:30:02
mbamlog1.txt

Typ kontroly: Úplná kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 339897
Uplynutý čas: 2 hod, 28 min, 16 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 3
C:\Users\Dluhosova\Downloads\MGControl65.EXE (Virus.Sality) -> Žiadna úloha nevykonaná.
C:\Users\Dluhosova\Downloads\MGControl65(2).EXE (Virus.Sality) -> Žiadna úloha nevykonaná.
C:\Users\Dluhosova\Downloads\MGControl65(3).EXE (Virus.Sality) -> Žiadna úloha nevykonaná.

(koniec)

#13 Příspěvek od **Mc_Murphy** » 29 čer 2012 13:55

Ano, MBAM patří mezi jedny z nejlepších detekčních nástrojů, co se nejen malware a spyware týče.
Každopádně si vždy před scanem aktualizuj jak program, tak virovou databázi. A vždy se ujisti, že nemáš MBAM nastavený ve spouštění při startu systému a že není nastaven jako rezidentní ochrana. Obojí by mohlo způsobit kolize s antivirem, případně i firewallem a v krajních případech toto může způsobit i neočekávané pády systému. Jedinou nevýhodou bych asi viděl jen to, že mívá občas falešné detekce, což si myslím, že je i případ u Tebe. Jestli chceš, můžeš si soubor otestovat na stránkách VirusTotal, ale myslím si, že se MBAMu nelíbí pouze to, že ten, kdo to stahoval, to stáhnul vícekrát, aniž by smazal původní soubor, proto ta čísla v závorkách za jménem souboru. Takže bych to klidně nechal MBAMem smazat.

No a dále tedy fixni v HJT níže uvedené položky.

Fixnout znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek.
Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
Položky, které v seznamu nenajdeš, prostě přeskoč.
HJT najdeš zde: C:\Program Files\trend micro\Dluhosova.exe

Bude-li Avast křičet, že to chce otevřít v Sandboxu, nedovol to! Vyber možnost Otevřít normálně!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)

Dále stáhni utilitu OTM z jednoho z těchto odkazů:

Ulož ji na Plochu a dvojklikem spusť.

Bude-li Avast křičet, že to chce otevřít v Sandboxu, nedovol to! Vyber možnost Otevřít normálně!

Do levého okna Paste Instructions for Items to be Moved zkopíruj tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

:Commands
[ClearAllRestorePoints]
[ResetHosts]
[Purity]
[EmptyTemp]
[EmptyFlash]

:Services
gupdate
gupdatem
Nero BackItUp Scheduler 3
NMIndexingService
catchme

:Files
C:\$RECYCLE.BIN
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=-

Nyní klikni na tlačítko [MoveIt!], čímž vše spustíš.
Po restartu mi sem hoď log, který najdeš v C:\_OTM\MovedFiles\

m_artin · #14 Příspěvek od **m_artin** » 29 čer 2012 20:02

ano nova verzia MBAM automaticky po štarte PC zapla rezidentnu ochranu, a presne na tu som sa chcel opytať či nebude s Avastom problemova, preto som ju manualne vypol a aj v nastaveniach som to nastavil aby sa automaticky nezapinala. Tie 3 subory som v MBAM-e zmazal. V MBAMe v karantene som si však všimol ze mam ďalšie veci a neviem čo s nimi. Konkretne su tam 2 položky ktore sa opakuju:

Hrozba - Security.Hijack, Kategória - Registry Key, Položka - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe

Hrozba - Security.Hijack, Kategória - Registry Key, Položka - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe

Čo s nimi, zmazať, obnoviť? alebo nechať tak?

V HJT som fixol obe položky a tu je log z OTM:

All processes killed
========== COMMANDS ==========

Restore point Set: OTM Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dluhosova
->Temp folder emptied: 3132426 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80399116 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 14744 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 206952918 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 277,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Dluhosova
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service Nero BackItUp Scheduler 3 stopped successfully!
Service Nero BackItUp Scheduler 3 deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
========== FILES ==========
C:\$RECYCLE.BIN\S-1-5-21-140570388-2203483276-3984906766-1000 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2EBD.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9AF7.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9B0.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA5B0.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0D7.tmp folder moved successfully.
C:\Windows\Installer\MSI5281.tmp moved successfully.
C:\Windows\Installer\MSI6B1D.tmp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.

OTM by OldTimer - Version 3.1.21.0 log created on 06292012_203922

Files moved on Reboot...
File C:\Windows\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

#15 Příspěvek od **Mc_Murphy** » 30 čer 2012 07:01

Ano, MBAM by s Avastem či s jakýmkoliv jiným antivirem mohl kolidovat. V lepším případě bys mohl pozorovat jen zpomalení počítače, v tom horším i nenadálé pády systému.
MBAM je hodně dobrý, ale v případě, že máš antivir je lepší jej používat jen k občasným preventivním scanům.

Ty dvě položky bych z karantény klidně nechal odstranit - smazat natrvalo. Pokud počítač šlape v pohodě, nebyly v systému třeba, takže je klidně můžeš odpálit.

Jinak nám OTM provedl, co měl, tak můžeme dočistit a máme hotovo.

OTC http://oldtimer.geekstogo.com/OTC.exe

Stáhni a spusť.
Klikni na CleanUp a potvrď YES.
Program uklidí a může (nemusí) restartovat PC.

TFC http://oldtimer.geekstogo.com/TFC.exe

Stáhni a spusť.
Klikni na Start a potvrď OK.
Program uklidí a může (nemusí) restartovat PC.
Po použití utilitu smaž.

Pokud nemáš, stáhni CCleaner z tohoto odkazu.

Panel čistič
Vše nech jak je, jen dej Analyzovat a poté Spustit CCleaner.

Panel registry
Klikni na Hledej problémy.
Následně na Opravit problémy - zálohu registrů doporučuji udělat, oprav všechny problémy.
Postup opakuj, dokud nebude bez problémů - většinou cca 3x.

Panel nástroje
Zde můžeš odinstalovat nepotřebné programy.

CCleaner doporučuji používat cca jednou za týden.

... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.

VIRY.CZ

Preventivna kontrola logu z RSIT

Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT

Re: Preventivna kontrola logu z RSIT