Request for help removing Live Security Platinum

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Request for help removing Live Security Platinum

#16 Post by Dr.Sova »

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 07:17 . 2010-11-29 00:26 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-17 06:36 . 2012-07-17 06:36 29048 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
2012-07-17 06:36 . 2012-07-17 06:36 231288 ----a-r- c:\windows\SysWow64\IS3Win325.dll
2012-07-17 06:36 . 2012-07-17 06:36 391032 ----a-r- c:\windows\SysWow64\IS3UI5.dll
2012-07-17 06:36 . 2012-07-17 06:36 100216 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
2012-07-17 06:36 . 2012-07-17 06:36 132984 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
2012-07-17 06:36 . 2012-07-17 06:36 104312 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
2012-07-17 06:36 . 2012-07-17 06:36 67448 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
2012-07-17 06:36 . 2012-07-17 06:36 456568 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
2012-07-17 06:36 . 2012-07-17 06:36 812920 ----a-r- c:\windows\SysWow64\IS3Base5.dll
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-21 19:53 . 2012-06-21 19:56 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-06-21 19:53 . 2012-06-21 19:56 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-06-21 19:53 . 2012-06-21 19:56 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-06-21 19:53 . 2012-06-21 19:56 21288 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-06-18 09:41 . 2012-06-18 09:41 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-06-18 08:38 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-18 08:38 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-09 05:43 . 2012-07-11 08:03 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 07:49 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 07:49 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 07:33 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 07:49 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 07:49 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 07:33 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 15:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-11-05 1129832]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2010-11-18 215944]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-18 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-06-21 35104]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
R3 LeadCore_57XX_AutoEjecDiskDrv;LeadCore_57XX Auto-Eject Disk Monitor Filter Driver;c:\windows\system32\drivers\LeadCore_57XX_AutoEjectCD.sys [2010-04-02 22352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-09 1098784]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-11-23 205952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 szkg5;szkg5;c:\windows\SySWOW64\drivers\szkg64.sys [2011-09-26 74768]
.

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Request for help removing Live Security Platinum

#17 Post by Dr.Sova »

.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 12:00]
.
2012-09-02 c:\windows\Tasks\oo.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 12:00]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000Core.job
- c:\users\Lucka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 09:59]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000UA.job
- c:\users\Lucka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 09:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-01-29 517176]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-20 307768]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-18 2919168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.familyservice.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc- ... 2136195426
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.42.129
FF - ProfilePath - c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc- ... 2136195426
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - Search
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc- ... 2136195426
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?s=3&a=foxtab&chnl=tc- ... 6195426&q=
FF - user.js: extensions.searchya.id - 60EB6926D7B2E843
FF - user.js: extensions.searchya.instlDay - 15565
FF - user.js: extensions.searchya.vrsn - 1.5.25.0
FF - user.js: extensions.searchya.vrsni - 1.5.25.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.25.020:55
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - foxtab
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef - tc-100
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya.autoRvrt - false
FF - user.js: extensions.searchya.envrmnt - production
FF - user.js: extensions.searchya.isdcmntcmplt - true
FF - user.js: extensions.searchya.mntrvrsn - 1.3.0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-09-03 13:50:08
ComboFix-quarantined-files.txt 2012-09-03 11:50
.
Před spuštěním: Volných bajtů: 144 622 080 000
Po spuštění: Volných bajtů: 144 366 297 088
.
- - End Of File - - 7C24C7718BB90302EBF44752D4A08599

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for help removing Live Security Platinum

#18 Post by vyosek »

Please post a DDS log.

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Request for help removing Live Security Platinum

#19 Post by Dr.Sova »

DDS (Ver_2011-09-30.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Lucka at 14:52:36 on 2012-09-03
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1913.1204 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: STOPzilla! *Disabled/Updated* {17032AB1-6644-0721-EEB5-A39B8B646009}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla! *Disabled/Updated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.familyservice.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc- ... 2136195426
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.42.129
TCP: Interfaces\{7066ABC4-FD58-4F49-895D-D6EBE4516B2B} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{9BFE7EA4-192B-4D2E-BA97-6E41A4B23FD8}\0727163656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9BFE7EA4-192B-4D2E-BA97-6E41A4B23FD8}\0756E63796F6E6D234542594 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9BFE7EA4-192B-4D2E-BA97-6E41A4B23FD8}\77962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9BFE7EA4-192B-4D2E-BA97-6E41A4B23FD8}\8647368383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CE7753A1-9E8C-48C5-843F-DC2EA9FF987F} : DHCPNameServer = 192.168.42.129
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
x64-mStart Page = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc- ... 2136195426
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc- ... 2136195426
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - Search
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc- ... 2136195426
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?s=3&a=foxtab&chnl=tc- ... 6195426&q=
FF - user.js: extensions.searchya.id - 60EB6926D7B2E843
FF - user.js: extensions.searchya.instlDay - 15565
FF - user.js: extensions.searchya.vrsn - 1.5.25.0
FF - user.js: extensions.searchya.vrsni - 1.5.25.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.25.020:55:59
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - foxtab
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef - tc-100
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya.autoRvrt - false
FF - user.js: extensions.searchya.envrmnt - production
FF - user.js: extensions.searchya.isdcmntcmplt - true
FF - user.js: extensions.searchya.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
S1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-11-29 15400]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-18 810144]
S2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-30 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-11-29 45496]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-11-29 93032]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-2 655944]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
S2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-11-29 63928]
S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2011-12-16 33888]
S3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2011-12-16 33888]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-11-29 54824]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-21 35104]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-30 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;C:\Windows\System32\drivers\ewdcsc.sys [2011-9-30 29696]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-9-30 114304]
S3 LeadCore_57XX_AutoEjecDiskDrv;LeadCore_57XX Auto-Eject Disk Monitor Filter Driver;C:\Windows\System32\drivers\LeadCore_57XX_AutoEjectCD.sys [2010-11-29 22352]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-2 24904]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-3-9 1098784]
S3 StorSvc;Služba úložiště;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]
S3 usbsmi;Integrated Camera;C:\Windows\System32\drivers\SMIksdrv.sys [2010-11-29 205952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-14 23040]
.
=============== Created Last 30 ================
.
2012-09-03 12:11:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-03 11:27:35 98816 ----a-w- C:\Windows\sed.exe
2012-09-03 11:27:35 256000 ----a-w- C:\Windows\PEV.exe
2012-09-03 11:27:35 208896 ----a-w- C:\Windows\MBR.exe
2012-09-03 09:27:59 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47CA3795-29D1-458A-BF40-F7654BC4BE6C}\offreg.dll
2012-09-02 20:51:37 -------- d-----w- C:\Users\Lucka\AppData\Roaming\Malwarebytes
2012-09-02 20:51:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-02 20:51:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-02 20:51:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-02 19:31:13 -------- d-----w- C:\Program Files (x86)\trend micro
2012-09-02 19:20:32 110080 ----a-r- C:\Users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-02 19:20:32 110080 ----a-r- C:\Users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-09-02 19:20:32 110080 ----a-r- C:\Users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-09-02 19:20:31 -------- d-----w- C:\sh4ldr
2012-09-02 19:20:31 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-02 19:19:28 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-02 19:19:26 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-09-02 17:35:07 -------- d-----w- C:\ProgramData\STOPzilla!
2012-09-02 17:35:07 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-08-31 07:43:17 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47CA3795-29D1-458A-BF40-F7654BC4BE6C}\mpengine.dll
2012-08-28 12:16:25 -------- d-----w- C:\Users\Lucka\AppData\Local\Apps
2012-08-28 12:16:23 -------- d-----w- C:\Users\Lucka\AppData\Local\Deployment
2012-08-21 07:25:26 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-17 08:54:12 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-17 08:54:12 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-17 08:54:05 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-17 08:54:05 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-17 08:54:04 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-17 08:53:45 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-17 08:53:30 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-17 08:53:29 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-17 08:53:29 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-17 08:53:29 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-17 08:53:25 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-13 19:20:13 -------- d-----w- C:\Program Files (x86)\JDownloader
2012-08-13 18:56:04 -------- d-----w- C:\Program Files (x86)\SearchYa!
2012-08-07 06:29:12 23416 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-08-07 06:29:02 546680 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-08-07 06:28:56 497528 ----a-r- C:\Windows\SysWow64\SZBase5.dll
.
==================== Find3M ====================
.
2012-07-17 06:36:16 29048 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-07-17 06:36:16 231288 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-07-17 06:36:14 391032 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-07-17 06:36:12 100216 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-07-17 06:36:06 132984 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-07-17 06:36:06 104312 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-07-17 06:36:04 67448 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-07-17 06:36:04 456568 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-07-17 06:36:02 812920 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-21 19:53:47 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-06-21 19:53:47 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-06-21 19:53:46 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-06-21 19:53:46 21288 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-06-18 09:41:52 31344 ----a-w- C:\Windows\System32\drivers\cnnctfy2.sys
2012-06-18 08:38:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-18 08:38:21 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-06 18:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 14:52:53,57 ===============

nightFlyer
Untrusted
Posts: 10
Registered: 02 Sep 2012 02:37

Re: Please help with removing Live Security Platinum

#20 Post by nightFlyer »

I was only trying to help; you didn't have to label me as untrusted right away.
I have my own experience with the rogue virus, and it was discussed a few posts below - it looks like a common problem.
I only copied the advice of one of the advisers in the right order. Like Spiderman :D I did 80% of your work and you
ungratefully point to rule violations; by the way, the lengthy advice and requests for logs seemed excessive to me, because
MBAM had apparently already detected it. But thanks anyway, I guess I'll have to deal with my problem myself. And I hope that
somebody will screw with you too and hand out sanctions for a similar rule violation.

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with removing Live Security Platinum

#21 Post by Rudy »

Under the rules, logs may be handled only by someone who has completed our training. You broke this rule twice, which is why you were given the rank "untrusted".
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with removing Live Security Platinum

#22 Post by vyosek »

nightFlyer wrote:I was only trying to help; you didn't have to label me as untrusted right away.
I have my own experience with the rogue virus, and it was discussed a few posts below - it looks like a common problem.
I only copied the advice of one of the advisers in the right order. Like Spiderman :D I did 80% of your work and you
ungratefully point to rule violations; by the way, the lengthy advice and requests for logs seemed excessive to me, because
MBAM had apparently already detected it. But thanks anyway, I guess I'll have to deal with my problem myself. And I hope that
somebody will screw with you too and hand out sanctions for a similar rule violation.
I told you clearly, both by PM and in the thread, not to give advice - you acknowledged it and then immediately gave more advice; what is one supposed to think of that...

Live Security Platinum usually also brings a ZeroAccess infection along with it, which MBAM has trouble detecting, or it cannot cure the patched services.exe file.

If you don't like that we give comprehensive advice here and try to uncover all the vermin properly, nobody is forcing you to read it, and the Log out button is at the top left.

The warning and the Untrusted rank were approved by the other colleagues as well, and there is no problem with that. Who might screw with me is really not something you need to worry about. If you still don't like how I proceeded, you can file a complaint about my conduct with one of the admins, Rudy or James. Otherwise, I am not aware of having broken any rules in this thread.

That is all from me to you; I just point out that in case of further problems, the possibility of a BAN hangs over your nick.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; he is not a man, he is an ox."
Member [image] since 1 February 2011.

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#23 Post by Dr.Sova »

Thank you for the help. May I ask about the next steps? Maybe I overlooked further instructions...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with removing Live Security Platinum

#24 Post by vyosek »

:arrow: I apologize for the delay, I was at my girlfriend's, so I only responded to the problematic user

:arrow: Luci, the next steps are below, you didn't overlook anything... :wink: Otherwise, no need for thanks yet, we are not at the end yet, but we are getting close to it :|

:arrow: Uninstall STOPzilla!

:arrow: If you haven't already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Collect::
    c:\users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
    c:\users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
    c:\users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
    
    Folder::
    c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
    
    File::
    c:\program files (x86)\Freecorder\prxtbFree.dll
    c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    c:\windows\SySWOW64\drivers\is3srv64.sys
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000UA.job
    
    Driver::
    gupdate
    gupdatem
    is3srv
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Freecorder FLV Service"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    "Malwarebytes' Anti-Malware"=-
    
    DDS::
    uStart Page = hxxp://www.familyservice.cz/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.searchya.com/?s=0&a=foxtab&c ... 2136195426
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    
    Firefox::
    FF - ProfilePath - c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT10609 ... hSource=13
    FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - user.js: extensions.searchya.hmpg - true
    FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?s=0&a=foxtab&c ... 2136195426
    FF - user.js: extensions.searchya.dfltSrch - true
    FF - user.js: extensions.searchya.srchPrvdr - Search
    FF - user.js: extensions.searchya.dnsErr - true
    FF - user.js: extensions.searchya_i.newTab - true
    FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?s=2&a=foxtab&c ... 2136195426
    FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?s=3&a=foxtab&c ... 6195426&q=
    FF - user.js: extensions.searchya.id - 60EB6926D7B2E843
    FF - user.js: extensions.searchya.instlDay - 15565
    FF - user.js: extensions.searchya.vrsn - 1.5.25.0
    FF - user.js: extensions.searchya.vrsni - 1.5.25.0
    FF - user.js: extensions.searchya_i.vrsnTs - 1.5.25.020:55
    FF - user.js: extensions.searchya.prtnrId - searchya
    FF - user.js: extensions.searchya.prdct - searchya
    FF - user.js: extensions.searchya.aflt - foxtab
    FF - user.js: extensions.searchya_i.smplGrp - none
    FF - user.js: extensions.searchya.tlbrId - base
    FF - user.js: extensions.searchya.instlRef - tc-100
    FF - user.js: extensions.searchya.dfltLng -
    FF - user.js: extensions.searchya.excTlbr - false
    FF - user.js: extensions.searchya.autoRvrt - false
    FF - user.js: extensions.searchya.envrmnt - production
    FF - user.js: extensions.searchya.isdcmntcmplt - true
    FF - user.js: extensions.searchya.mntrvrsn - 1.3.0
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see the picture below)
    [image]
  • After the script is applied (and a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, and the author unfortunately cannot fix it yet

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
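A pre-flight check for a script like the one in the post above, as an added example that is not part of the original post and is not ComboFix or DDS code: it splits the script into its `Name::` sections and reports every `Collect::`/`Folder::`/`File::` path and `Driver::` name that has no matching line in a DDS-style log, comparing case-insensitively because the script and the log on this page spell the same paths with different case. The function names are hypothetical, the section syntax and log line layouts are inferred only from the text on this page, and the sample inputs are excerpts constructed from lines on this page.

```python
import re
from collections import OrderedDict

# Directive header as it appears in the script on this page: a name followed by "::".
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# DDS file listing line: date, time, size (or "--------" for a directory),
# an 8-character attribute string, then the full path.
LISTING_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:\d+|-{8}) [-a-z]{8} (?P<path>[A-Za-z]:\\.+)$"
)
# DDS service line: state letter + start type, short name; display name; image path.
SERVICE_RE = re.compile(r"^[A-Z]\d (?P<name>[^;]+);[^;]*;")

PATH_SECTIONS = ("collect", "folder", "file")

# Constructed excerpt: four log lines copied from this page.
SAMPLE_LOG = r"""
S2 gupdate;Služba Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-30 136176]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-30 136176]
2012-09-02 19:20:32 110080 ----a-r- C:\Users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-02 19:19:28 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
"""

# Constructed excerpt: a shortened version of the script on this page.
SAMPLE_SCRIPT = r"""
KillAll::

Collect::
c:\users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe

Folder::
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP

File::
c:\windows\SySWOW64\drivers\is3srv64.sys

Driver::
gupdate
gupdatem
is3srv

Reboot::
"""


def norm_path(path):
    """Normalise a Windows path for comparison: no quotes, no trailing slash, lower case."""
    return path.strip().strip('"').rstrip("\\").lower()


def parse_cfscript(text):
    """Return an ordered mapping of lower-cased section name -> list of entry lines."""
    sections = OrderedDict()
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            # An entry with no directive above it cannot be attributed to an action.
            raise ValueError(f"line {lineno}: entry before any 'Name::' header")
        else:
            sections[current].append(line)
    return sections


def index_log(log_text):
    """Collect the normalised paths and service names that the log actually shows."""
    paths, services = set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        listing = LISTING_RE.match(line)
        if listing:
            paths.add(norm_path(listing.group("path")))
            continue
        service = SERVICE_RE.match(line)
        if service:
            services.add(service.group("name").strip().lower())
    return paths, services


def preflight(script_text, log_text):
    """List script targets that have no supporting line in the log."""
    sections = parse_cfscript(script_text)
    seen_paths, seen_services = index_log(log_text)
    unseen_paths = [
        target
        for name in PATH_SECTIONS
        for target in sections.get(name, [])
        if norm_path(target) not in seen_paths
    ]
    unseen_services = [
        name for name in sections.get("driver", []) if name.lower() not in seen_services
    ]
    return {"unseen_paths": unseen_paths, "unseen_services": unseen_services}


if __name__ == "__main__":
    report = preflight(SAMPLE_SCRIPT, SAMPLE_LOG)
    for kind, items in report.items():
        for item in items:
            print(f"{kind}: {item}")
```

An item reported here is not necessarily a mistake: in this excerpt `is3srv64.sys` and `is3srv` are flagged only because the four sample lines do not include the earlier log they came from.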

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#25 Post by Dr.Sova »

So ComboFix says it will finish in a few seconds, but a message popped up: ComboFix needs to submit malware samples for further analysis. But I cannot connect to the internet. Should I deal with it somehow? Or just click OK and find the log?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with removing Live Security Platinum

#26 Post by vyosek »

Click OK; if need be, we will send the samples another way :wink: The log should pop up on its own, follow CF's instructions

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#27 Post by Dr.Sova »

So here is the log from CF, thanks!

ComboFix 12-09-03.04 - Lucka 03.09.2012 20:38:28.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1913.653 [GMT 2:00]
Spuštěný z: c:\users\Lucka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lucka\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\ConduitEngine\prxConduitEngine.dll"
"c:\program files (x86)\Freecorder\prxtbFree.dll"
"c:\windows\SySWOW64\drivers\is3srv64.sys"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000UA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\ConduitAutoCompleteSearch.js
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\ConduitAutoCompleteSearch.xpt
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.xpt
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko5.dll
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko6.dll
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults\alertSettingsComponent.xml
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults\appContextMenu.xml
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults\fbAlert.js
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults\getAppsContextMenu.xml
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults\postAppsContextMenu.xml
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults\toolbarContextMenu.xml
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults\unsharedAppsContextMenu.xml
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome.manifest
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome\freecorder.jar
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\INSTALL.LOG
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\install.rdf
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF\manifest.mf
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF\zigbert.rsa
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF\zigbert.sf
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\DataStructures.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\EBEncryption.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\ExternalLibraryLoader.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\HTTP.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\Chat.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\IO.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\Log.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\MainSingleton.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\MD5.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\Notifications.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\ObserversAndEvents.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\Prefs.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\SearchProtector.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\SearchSuggestIO.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\String.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\TEAEncryption.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\Timer.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\Twitter.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\URL.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\Windows.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\XML.jsm
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin\conduit.xml
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\setup.ini
c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\version.txt
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla36.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_is3srv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-03 do 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 18:47 . 2012-09-03 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 20:51 . 2012-09-02 20:51 -------- d-----w- c:\users\Lucka\AppData\Roaming\Malwarebytes
2012-09-02 20:51 . 2012-09-02 20:51 -------- d-----w- c:\programdata\Malwarebytes
2012-09-02 20:51 . 2012-09-02 20:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-02 20:51 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-02 19:31 . 2012-09-02 19:31 -------- d-----w- c:\program files (x86)\trend micro
2012-09-02 19:31 . 2012-09-02 19:31 -------- d-----w- C:\rsit
2012-09-02 19:20 . 2012-09-02 19:20 110080 ------w- c:\users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-02 19:20 . 2012-09-02 19:20 110080 ------w- c:\users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-09-02 19:20 . 2012-09-02 19:20 110080 ------w- c:\users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-09-02 19:20 . 2012-09-02 19:20 -------- d-----w- C:\sh4ldr
2012-09-02 19:20 . 2012-09-02 19:20 -------- d-----w- c:\program files\Enigma Software Group
2012-09-02 19:19 . 2012-09-02 19:19 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-31 07:43 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47CA3795-29D1-458A-BF40-F7654BC4BE6C}\mpengine.dll
2012-08-28 12:16 . 2012-08-28 12:16 -------- d-----w- c:\users\Lucka\AppData\Local\Apps
2012-08-28 12:16 . 2012-09-02 12:46 -------- d-----w- c:\users\Lucka\AppData\Local\Deployment
2012-08-22 12:45 . 2012-08-22 12:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-21 07:25 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-17 08:54 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-17 08:54 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-17 08:54 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-17 08:54 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-17 08:54 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-17 08:54 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-17 08:53 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-17 08:53 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-17 08:53 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-17 08:53 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-17 08:53 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-17 08:53 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 19:20 . 2012-08-13 19:34 -------- d-----w- c:\program files (x86)\JDownloader
2012-08-13 18:56 . 2012-08-13 18:56 -------- d-----w- c:\program files (x86)\SearchYa!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 07:17 . 2010-11-29 00:26 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-21 19:53 . 2012-06-21 19:56 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-06-21 19:53 . 2012-06-21 19:56 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-06-21 19:53 . 2012-06-21 19:56 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-06-21 19:53 . 2012-06-21 19:56 21288 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-06-18 09:41 . 2012-06-18 09:41 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-06-18 08:38 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-18 08:38 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-09 05:43 . 2012-07-11 08:03 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 07:49 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 07:49 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 07:33 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 07:49 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 07:49 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 07:33 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-03_11.43.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-09-03 18:51 41026 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-28 22:16 . 2012-09-03 18:51 14486 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1895016164-440596700-571147792-1000_UserData.bin
- 2012-09-02 17:51 . 2012-04-26 05:30 77312 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21980_none_f87130ca9b06c683\rdpwsx.dll
- 2012-09-02 17:51 . 2012-04-26 05:41 77312 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb\rdpwsx.dll
- 2012-09-02 17:51 . 2012-04-26 05:40 76288 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21200_none_f6e12b469d9fae51\rdpwsx.dll
- 2012-09-02 17:51 . 2012-04-26 05:34 76288 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.17009_none_f6608f2f8479f56f\rdpwsx.dll
- 2012-09-02 17:51 . 2012-04-26 05:23 9216 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21980_none_f87130ca9b06c683\rdrmemptylst.exe
- 2012-09-02 17:51 . 2012-04-26 05:34 9216 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb\rdrmemptylst.exe
- 2012-09-02 17:51 . 2012-04-26 05:34 9216 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21200_none_f6e12b469d9fae51\rdrmemptylst.exe
- 2012-09-02 17:51 . 2012-04-26 05:28 9216 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.17009_none_f6608f2f8479f56f\rdrmemptylst.exe
+ 2010-11-28 23:30 . 2012-09-03 18:48 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-11-28 23:30 . 2012-09-03 09:14 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-09-03 18:49 . 2012-09-03 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-03 09:15 . 2012-09-03 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-03 18:49 . 2012-09-03 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-03 09:15 . 2012-09-03 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-09-03 18:33 616242 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-09-03 18:33 631526 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-09-03 18:33 106622 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2012-09-03 18:33 122148 c:\windows\system32\perfc005.dat
- 2012-09-02 17:51 . 2012-04-26 05:30 149504 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21980_none_f87130ca9b06c683\rdpcorekmts.dll
- 2012-09-02 17:51 . 2012-04-26 05:41 149504 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb\rdpcorekmts.dll
- 2012-09-02 17:51 . 2012-04-26 05:40 149504 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21200_none_f6e12b469d9fae51\rdpcorekmts.dll
- 2012-09-02 17:51 . 2012-04-26 05:34 149504 c:\windows\SoftwareDistribution\Download\c832abfcf0c32ce7b04068abc79aec7b\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.17009_none_f6608f2f8479f56f\rdpcorekmts.dll
+ 2009-07-14 04:46 . 2012-09-03 18:32 109936 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-09-03 09:14 390600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-03 18:48 390600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-25 02:59 . 2012-09-03 18:48 1260248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-05-25 02:59 . 2012-09-03 09:14 1260248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-10 08:19 . 2012-09-03 18:48 4293244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1895016164-440596700-571147792-1000-8192.dat
- 2012-03-10 08:19 . 2012-09-02 21:58 4293244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1895016164-440596700-571147792-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-11-05 1129832]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2010-11-18 215944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 szkg5;szkg5;c:\windows\SySWOW64\drivers\szkg64.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
R3 LeadCore_57XX_AutoEjecDiskDrv;LeadCore_57XX Auto-Eject Disk Monitor Filter Driver;c:\windows\system32\drivers\LeadCore_57XX_AutoEjectCD.sys [2010-04-02 22352]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-18 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-06-21 35104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-09 1098784]
S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-11-23 205952]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 12:00]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 12:00]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000Core.job
- c:\users\Lucka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 09:59]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000UA.job
- c:\users\Lucka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 09:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-01-29 517176]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-20 307768]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-18 2919168]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"combofix"="c:\combofix\CF18962.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.42.129
FF - ProfilePath - c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc- ... 2136195426
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - Search
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc- ... 2136195426
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?s=3&a=foxtab&chnl=tc- ... 6195426&q=
FF - user.js: extensions.searchya.id - 60EB6926D7B2E843
FF - user.js: extensions.searchya.instlDay - 15565
FF - user.js: extensions.searchya.vrsn - 1.5.25.0
FF - user.js: extensions.searchya.vrsni - 1.5.25.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.25.020:55
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - foxtab
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef - tc-100
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya.autoRvrt - false
FF - user.js: extensions.searchya.envrmnt - production
FF - user.js: extensions.searchya.isdcmntcmplt - true
FF - user.js: extensions.searchya.mntrvrsn - 1.3.0
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
.
**************************************************************************
.
Celkový čas: 2012-09-03 20:56:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-03 18:56
ComboFix2.txt 2012-09-03 11:50
.
Před spuštěním: Volných bajtů: 144 422 268 928
Po spuštění: Volných bajtů: 143 828 598 784
.
- - End Of File - - 43E64F7A9BE5F888F003EA64E933F7F4

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with removing Live Security Platinum

#28 Post by vyosek »

Fine, there is still something left there and CF can't delete it, so we'll go about it differently.

Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako spravce)
  • If you use a 64-bit OS, check whether the box "For 64-bit OS" (Pro 64 bitové OS) is ticked; if not, tick it
  • Tick the box "For all users" (Pro vsechny uzivatele)
  • Tick the box "LOP" junk check (Kontrola na havet "LOP")
  • Tick the box "Purity" junk check (Kontrola na havet "Purity")
  • Change the file age (Stari souboru) from 30 days to 7 days
  • Paste the script below into the bottom box, Custom scans/fixes (Vlastni skenovani/opravy)

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Scan button (Prohledat)
  • After the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both here
  • If the logs are long (the forum will complain about exceeding the maximum number of characters), split them across several posts
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#29 Post by Dr.Sova »

OTL logfile created on: 3.9.2012 21:31:52 - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Lucka\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,87 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 49,95% Memory free
3,74 Gb Paging File | 2,77 Gb Available in Paging File | 74,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 134,03 Gb Free Space | 57,55% Space Free | Partition Type: NTFS
Drive D: | 30,24 Gb Total Space | 5,91 Gb Free Space | 19,53% Space Free | Partition Type: FAT32

Computer Name: NB-LUCKA | User Name: Lucka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.09.03 21:22:26 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Lucka\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.03.31 17:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.11.18 15:11:36 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010.04.07 15:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.04.01 15:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012.08.21 15:33:16 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2011.06.13 19:36:48 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010.11.18 15:12:06 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010.11.18 15:11:36 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010.10.19 15:51:44 | 001,430,288 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.10.19 15:29:38 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010.04.07 15:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2010.04.07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010.04.07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.06.01 03:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.31 17:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.11.08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.21 21:53:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.06.21 21:53:47 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.06.21 21:53:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.06.21 21:53:46 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.26 02:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011.06.26 02:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.11.05 04:31:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010.09.03 07:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.08.18 11:54:28 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.07.29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.07.29 13:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.04.23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.04.02 15:47:54 | 000,022,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LeadCore_57XX_AutoEjectCD.sys -- (LeadCore_57XX_AutoEjecDiskDrv)
DRV:64bit: - [2010.03.09 09:12:24 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.02.19 13:08:18 | 000,720,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.12.15 14:05:42 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.15 14:05:42 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.12.15 14:05:42 | 000,029,696 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewdcsc.sys -- (Huawei)
DRV:64bit: - [2009.11.23 13:06:32 | 000,205,952 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009.11.01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.12 19:04:24 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2007.06.01 03:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://www.searchya.com/?q={searchTerms ... 2136195426
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1E138283-B39A-9CC8-544C-2C1F1091EB6C}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT1060933
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://www.searchya.com/?q={searchTerms ... 2136195426


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes,Backup.Old.DefaultScope = {59A80972-4669-4E3E-9355-D3452F3E684F}
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes,DefaultScope = {59A80972-4669-4E3E-9355-D3452F3E684F}
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{1E138283-B39A-9CC8-544C-2C1F1091EB6C}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{59A80972-4669-4E3E-9355-D3452F3E684F}: "URL" = http://www.searchya.com/?q={searchTerms ... 2136195426
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT1060933
IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.selectedEngine: "Freecorder Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT10609 ... hSource=13"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: ffxtlbr@searchya.com:1.5.1


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lucka\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lucka\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.03 08:29:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.03 08:29:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.11.29 02:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.11.29 11:23:53 | 000,000,000 | ---D | M]

[2010.11.29 02:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucka\AppData\Roaming\Mozilla\Extensions
[2010.11.29 02:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucka\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.03 13:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions
[2011.09.27 14:52:28 | 000,000,923 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\searchplugins\conduit.xml
[2012.08.29 18:05:36 | 000,002,337 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\searchplugins\Search.xml
[2012.03.08 12:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.02.22 13:13:17 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.08.22 17:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.03.08 12:29:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\LUCKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP8BOW37.DEFAULT\EXTENSIONS\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
File not found (No name found) -- C:\USERS\LUCKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP8BOW37.DEFAULT\EXTENSIONS\FFXTLBR@SEARCHYA.COM
[2012.09.03 08:29:12 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.09.03 08:29:12 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2012.09.03 08:29:12 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012.09.03 08:29:12 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.09.03 08:29:12 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.searchya.com/?s=0&a=foxtab&c ... 2136195426
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.searchya.com/?s=0&a=foxtab&c ... 2136195426
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lucka\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lucka\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lucka\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.2.0.7165_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: HootSuite Hootlet = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\2.0_0\
CHR - Extension: Roz\u0161\u00ED\u0159en\u00ED pro webov\u00E9 str\u00E1nky - Webpage Screenshot = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.5.3_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Page Ruler = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn\0.1.4_0\
CHR - Extension: HootSuite = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Skype Extension = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.2.0.7165_0\
CHR - Extension: Mapy Google = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: AT_MarliesDekkers = C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlehphlfahjiajcnjkcbdbehjcchkibb\2_0\

O1 HOSTS File: ([2012.09.03 20:49:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1895016164-440596700-571147792-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1895016164-440596700-571147792-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7066ABC4-FD58-4F49-895D-D6EBE4516B2B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE7753A1-9E8C-48C5-843F-DC2EA9FF987F}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.09.03 21:24:46 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Lucka\Desktop\OTL.exe
[2012.09.03 21:06:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.03 20:49:58 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.09.03 14:52:12 | 000,492,146 | R--- | C] (Swearware) -- C:\Users\Lucka\Desktop\dds.exe
[2012.09.03 13:27:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.03 13:27:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.03 13:27:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.03 12:00:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.03 11:59:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.03 11:59:25 | 004,743,160 | R--- | C] (Swearware) -- C:\Users\Lucka\Desktop\ComboFix.exe
[2012.09.03 11:41:51 | 000,000,000 | ---D | C] -- C:\Users\Lucka\Desktop\Rogue
[2012.09.03 11:20:58 | 000,000,000 | ---D | C] -- C:\Users\Lucka\Desktop\RK_Quarantine
[2012.09.02 22:51:37 | 000,000,000 | ---D | C] -- C:\Users\Lucka\AppData\Roaming\Malwarebytes
[2012.09.02 22:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.02 22:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.02 22:51:32 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.02 22:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.02 21:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012.09.02 21:31:07 | 000,000,000 | ---D | C] -- C:\rsit
[2012.09.02 21:20:32 | 000,000,000 | ---D | C] -- C:\Users\Lucka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012.09.02 21:20:31 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.09.02 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.09.02 21:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.09.02 14:20:41 | 000,000,000 | ---D | C] -- C:\Users\Lucka\Desktop\Vypravej
[2012.09.01 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\Lucka\Desktop\Nová složka
[2012.09.01 19:42:11 | 000,000,000 | ---D | C] -- C:\Users\Lucka\Desktop\Particka
[2012.08.28 14:17:15 | 000,000,000 | ---D | C] -- C:\Users\Lucka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CZShare
[2012.08.28 14:16:25 | 000,000,000 | ---D | C] -- C:\Users\Lucka\AppData\Local\Apps
[2012.08.28 14:16:23 | 000,000,000 | ---D | C] -- C:\Users\Lucka\AppData\Local\Deployment

========== Files - Modified Within 7 Days ==========

[2012.09.03 21:34:08 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.09.03 21:31:22 | 001,470,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.03 21:31:22 | 000,631,526 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.09.03 21:31:22 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.03 21:31:22 | 000,122,148 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.09.03 21:31:22 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.03 21:31:12 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.03 21:28:16 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 21:28:16 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 21:22:26 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Lucka\Desktop\OTL.exe
[2012.09.03 21:09:13 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000UA.job
[2012.09.03 20:49:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.03 20:49:39 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.03 20:49:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.03 20:49:02 | 1504,342,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 20:38:21 | 000,001,204 | ---- | M] () -- C:\CF-Submit.htm
[2012.09.03 14:50:22 | 000,492,146 | R--- | M] (Swearware) -- C:\Users\Lucka\Desktop\dds.exe
[2012.09.03 11:58:00 | 004,743,160 | R--- | M] (Swearware) -- C:\Users\Lucka\Desktop\ComboFix.exe
[2012.09.03 11:18:40 | 001,377,280 | ---- | M] () -- C:\Users\Lucka\Desktop\RogueKiller.exe
[2012.09.02 22:51:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.02 22:22:18 | 000,418,877 | ---- | M] () -- C:\Users\Lucka\Desktop\Live Security.rar
[2012.09.02 21:20:32 | 000,002,254 | ---- | M] () -- C:\Users\Lucka\Desktop\SpyHunter.lnk
[2012.09.02 19:28:57 | 000,000,619 | ---- | M] () -- C:\Users\Lucka\Desktop\iexplore – zástupce.lnk
[2012.09.02 18:09:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000Core.job
[2012.09.02 14:52:56 | 009,961,897 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part4
[2012.09.02 14:52:56 | 009,961,329 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part5
[2012.09.02 14:52:56 | 009,960,053 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part2
[2012.09.02 14:52:56 | 009,959,497 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part1
[2012.09.02 14:52:56 | 009,959,035 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part2
[2012.09.02 14:52:56 | 009,958,826 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part1
[2012.09.02 14:52:56 | 009,958,774 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part3
[2012.09.02 14:52:56 | 009,957,397 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part8
[2012.09.02 14:52:56 | 009,956,741 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part2
[2012.09.02 14:52:56 | 009,956,270 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part5
[2012.09.02 14:52:56 | 009,956,237 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part3
[2012.09.02 14:52:56 | 009,956,222 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part4
[2012.09.02 14:52:56 | 009,956,193 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part4
[2012.09.02 14:52:56 | 009,956,029 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part1
[2012.09.02 14:52:56 | 009,955,434 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part5
[2012.09.02 14:52:56 | 009,955,302 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part3
[2012.09.02 14:52:56 | 009,490,453 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part7
[2012.09.02 14:52:56 | 009,097,237 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part8
[2012.09.02 14:52:56 | 009,079,923 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part4
[2012.09.02 14:52:56 | 008,638,485 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part7
[2012.09.02 14:52:56 | 008,445,127 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part3
[2012.09.02 14:52:56 | 008,208,405 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part6
[2012.09.02 14:52:56 | 008,191,548 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part5
[2012.09.02 14:52:56 | 007,590,959 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part1
[2012.09.02 14:52:56 | 007,270,421 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part9
[2012.09.02 14:52:56 | 006,894,379 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part1
[2012.09.02 14:52:56 | 006,663,792 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part4
[2012.09.02 14:52:56 | 006,176,789 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part6
[2012.09.02 14:52:56 | 006,008,731 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part3
[2012.09.02 14:52:56 | 005,824,533 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part10
[2012.09.02 14:52:56 | 005,288,575 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part5
[2012.09.02 14:52:56 | 003,966,239 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part2
[2012.09.02 14:52:56 | 003,407,893 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part6
[2012.09.02 14:52:56 | 002,215,957 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part8
[2012.09.02 14:52:56 | 002,080,789 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part10
[2012.09.02 14:52:56 | 001,564,693 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part9
[2012.09.02 14:52:56 | 001,499,157 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part7
[2012.09.02 14:52:56 | 000,036,885 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part10
[2012.09.02 14:52:55 | 006,937,259 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part2
[2012.09.02 14:52:55 | 005,910,549 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part9
[2012.09.02 14:41:07 | 020,647,780 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part1
[2012.09.02 14:41:07 | 016,215,979 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part2
[2012.09.02 14:41:07 | 005,980,834 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part2
[2012.09.02 14:41:07 | 005,187,710 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part1
[2012.09.02 14:41:06 | 032,988,492 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part4
[2012.09.02 14:41:06 | 026,352,984 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part5
[2012.09.02 14:41:06 | 015,948,641 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part5
[2012.09.02 14:41:06 | 008,807,375 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part1
[2012.09.02 14:41:05 | 040,418,626 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part2
[2012.09.02 14:41:05 | 039,255,457 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part3
[2012.09.02 14:41:05 | 022,711,737 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part3
[2012.09.02 14:41:05 | 019,625,512 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part4
[2012.09.02 14:41:05 | 008,891,657 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part3
[2012.09.02 14:41:05 | 000,082,892 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part1
[2012.09.02 14:41:04 | 008,662,730 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part5
[2012.09.02 14:41:04 | 007,513,712 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part4
[2012.09.02 14:41:04 | 006,845,034 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part2
[2012.09.02 14:41:04 | 006,260,546 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part1
[2012.09.02 14:41:04 | 005,566,074 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part5
[2012.09.02 14:41:04 | 003,844,394 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part4
[2012.09.02 14:41:04 | 000,009,890 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part5
[2012.09.02 14:41:03 | 009,980,817 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part2
[2012.09.02 14:41:03 | 008,035,052 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part3
[2012.09.02 14:41:03 | 006,932,262 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part5
[2012.09.02 14:41:03 | 006,511,843 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part1
[2012.09.02 14:41:03 | 006,139,854 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part4
[2012.09.02 14:41:02 | 007,262,300 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part3
[2012.09.02 14:41:02 | 000,306,263 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part5
[2012.09.02 14:41:02 | 000,115,010 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part4
[2012.09.02 14:41:02 | 000,001,152 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.18.farmarske.sportovni.hry.avi.part1
[2012.09.02 14:41:01 | 000,265,410 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part1
[2012.09.02 14:41:01 | 000,206,983 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part4
[2012.09.02 14:41:01 | 000,093,111 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part2
[2012.09.02 14:41:01 | 000,075,584 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part3
[2012.09.02 14:41:01 | 000,055,150 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part3
[2012.09.02 14:41:01 | 000,006,963 | -H-- | M] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part2
[2012.09.02 14:41:01 | 000,002,613 | -H-- | M] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.16.velke.kychnuti.avi.part1
[2012.08.28 14:17:15 | 000,000,318 | ---- | M] () -- C:\Users\Lucka\Desktop\CZShare Manager.appref-ms

Dr.Sova
Visitor
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#30 Post by Dr.Sova »

========== Files Created - No Company Name ==========

[2012.09.03 21:34:08 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.09.03 20:38:21 | 000,001,204 | ---- | C] () -- C:\CF-Submit.htm
[2012.09.03 13:27:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.03 13:27:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.03 13:27:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.03 13:27:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.03 13:27:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.03 11:19:58 | 001,377,280 | ---- | C] () -- C:\Users\Lucka\Desktop\RogueKiller.exe
[2012.09.02 22:51:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.02 22:22:17 | 000,418,877 | ---- | C] () -- C:\Users\Lucka\Desktop\Live Security.rar
[2012.09.02 21:20:32 | 000,002,254 | ---- | C] () -- C:\Users\Lucka\Desktop\SpyHunter.lnk
[2012.09.02 19:28:57 | 000,000,619 | ---- | C] () -- C:\Users\Lucka\Desktop\iexplore – zástupce.lnk
[2012.09.02 14:52:07 | 002,080,789 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part10
[2012.09.02 14:51:25 | 005,824,533 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part10
[2012.09.02 14:51:17 | 000,036,885 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part10
[2012.09.02 14:51:15 | 005,910,549 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part9
[2012.09.02 14:51:05 | 007,270,421 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part9
[2012.09.02 14:50:41 | 001,564,693 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part9
[2012.09.02 14:50:26 | 009,097,237 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part8
[2012.09.02 14:50:24 | 002,215,957 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part8
[2012.09.02 14:49:57 | 001,499,157 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part7
[2012.09.02 14:49:56 | 008,638,485 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part7
[2012.09.02 14:49:53 | 003,407,893 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part6
[2012.09.02 14:49:46 | 009,957,397 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part8
[2012.09.02 14:49:36 | 006,176,789 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part6
[2012.09.02 14:49:29 | 009,490,453 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part7
[2012.09.02 14:49:10 | 008,208,405 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part6
[2012.09.02 14:39:44 | 000,002,613 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.16.velke.kychnuti.avi.part1
[2012.09.02 14:39:22 | 000,009,890 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part5
[2012.09.02 14:39:19 | 000,115,010 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part4
[2012.09.02 14:39:19 | 000,093,111 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part2
[2012.09.02 14:39:19 | 000,055,150 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part3
[2012.09.02 14:39:11 | 000,265,410 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.22.kouzelny.klobouk.avi.part1
[2012.09.02 14:39:11 | 000,001,152 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.18.farmarske.sportovni.hry.avi.part1
[2012.09.02 14:38:09 | 008,191,548 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part5
[2012.09.02 14:38:05 | 009,079,923 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part4
[2012.09.02 14:38:05 | 006,008,731 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part3
[2012.09.02 14:38:05 | 003,966,239 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part2
[2012.09.02 14:37:59 | 006,894,379 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.04.letani.avi.part1
[2012.09.02 14:37:36 | 008,445,127 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part3
[2012.09.02 14:37:36 | 006,937,259 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part2
[2012.09.02 14:37:36 | 006,663,792 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part4
[2012.09.02 14:37:36 | 005,288,575 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part5
[2012.09.02 14:37:29 | 009,959,035 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part2
[2012.09.02 14:37:29 | 009,956,222 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part4
[2012.09.02 14:37:29 | 009,955,434 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part5
[2012.09.02 14:37:29 | 009,955,302 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part3
[2012.09.02 14:37:29 | 007,590,959 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.03.narozeniny.avi.part1
[2012.09.02 14:37:26 | 009,961,897 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part4
[2012.09.02 14:37:26 | 009,961,329 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part5
[2012.09.02 14:37:26 | 009,960,053 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part2
[2012.09.02 14:37:26 | 009,958,774 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part3
[2012.09.02 14:37:24 | 009,958,826 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.38.novy.prirustek.avi.part1
[2012.09.02 14:37:22 | 009,956,741 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part2
[2012.09.02 14:37:22 | 009,956,270 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part5
[2012.09.02 14:37:22 | 009,956,237 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part3
[2012.09.02 14:37:22 | 009,956,193 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part4
[2012.09.02 14:37:20 | 009,959,497 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.39.uzasne.bahno.avi.part1
[2012.09.02 14:37:16 | 009,956,029 | -H-- | C] () -- C:\Users\Lucka\Desktop\cerveny.trakturek.ep.09.sbirani.sena.avi.part1
[2012.09.02 14:36:33 | 000,306,263 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part5
[2012.09.02 14:36:33 | 000,206,983 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part4
[2012.09.02 14:36:33 | 000,082,892 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part1
[2012.09.02 14:36:33 | 000,075,584 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part3
[2012.09.02 14:36:33 | 000,006,963 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vyprávěj osudy 6 - Horův nemanželský syn.avi.part2
[2012.09.02 14:32:21 | 008,662,730 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part5
[2012.09.02 14:32:21 | 006,932,262 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part5
[2012.09.02 14:32:21 | 005,566,074 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part5
[2012.09.02 14:32:20 | 003,844,394 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part4
[2012.09.02 14:32:19 | 009,980,817 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part2
[2012.09.02 14:32:19 | 008,891,657 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part3
[2012.09.02 14:32:19 | 008,035,052 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part3
[2012.09.02 14:32:19 | 007,513,712 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part4
[2012.09.02 14:32:19 | 007,262,300 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part3
[2012.09.02 14:32:19 | 006,845,034 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part2
[2012.09.02 14:32:19 | 006,139,854 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part4
[2012.09.02 14:32:19 | 005,980,834 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part2
[2012.09.02 14:32:16 | 006,511,843 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.03.Ziji.Markovi.rodice.avi.part1
[2012.09.02 14:32:16 | 006,260,546 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.02.Proc.je.Iveta.takova.avi.part1
[2012.09.02 14:32:16 | 005,187,710 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypravej.Osudy.01.Proc.byl.Matej.estebak.avi.part1
[2012.09.02 14:28:50 | 015,948,641 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part5
[2012.09.02 14:28:49 | 022,711,737 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part3
[2012.09.02 14:28:49 | 019,625,512 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part4
[2012.09.02 14:28:49 | 016,215,979 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part2
[2012.09.02 14:28:42 | 008,807,375 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+osudy+4+-+Mikul%C3%A1%C5%A1ova+Hilda.avi.part1
[2012.09.02 14:27:03 | 032,988,492 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part4
[2012.09.02 14:27:03 | 026,352,984 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part5
[2012.09.02 14:27:01 | 040,418,626 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part2
[2012.09.02 14:27:01 | 039,255,457 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part3
[2012.09.02 14:27:00 | 020,647,780 | -H-- | C] () -- C:\Users\Lucka\Desktop\Vypr%C3%A1v%C4%9Bj+-+1+Od+za%C4%8D%C3%A1tku.avi.part1
[2012.08.28 14:16:44 | 000,000,318 | ---- | C] () -- C:\Users\Lucka\Desktop\CZShare Manager.appref-ms
[2012.08.26 22:01:25 | 000,000,891 | ---- | C] () -- C:\Users\Lucka\.recently-used.xbel
[2012.08.13 20:56:46 | 000,384,835 | ---- | C] () -- C:\Users\Lucka\AppData\Local\speeddial.crx
[2012.07.09 15:41:35 | 000,009,324 | ---- | C] () -- C:\Users\Lucka\AppData\Roaming\Hodnoty oddělené čárkami (Windows).EML
[2012.02.21 12:33:37 | 164,274,046 | ---- | C] () -- C:\Users\Lucka\ Reiki Om.rar
[2012.02.21 12:32:31 | 000,000,976 | ---- | C] () -- C:\Users\Lucka\AppData\Local\SRDownloader.nast
[2011.12.03 22:40:28 | 000,000,367 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011.12.03 22:37:28 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011.10.31 22:56:21 | 000,007,605 | ---- | C] () -- C:\Users\Lucka\AppData\Local\Resmon.ResmonCfg
[2011.02.22 13:17:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.29 11:28:07 | 000,000,600 | ---- | C] () -- C:\Users\Lucka\AppData\Local\PUTTY.RND

========== LOP Check ==========

[2012.07.18 16:35:37 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\gtk-2.0
[2011.12.03 22:39:42 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\MyHeritage
[2011.12.16 23:37:47 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Replay Media Catcher 4
[2011.09.30 19:19:49 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Telefónica Móviles
[2011.12.03 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010.11.29 02:03:15 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Thunderbird
[2011.01.10 13:28:36 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Update
[2012.08.08 22:17:10 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011.09.29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010.11.20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011.06.21 08:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012.03.30 12:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011.04.25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012.03.30 13:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011.06.21 08:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011.09.29 18:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\erdnt\cache64\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011.04.25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011.06.21 08:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011.06.21 08:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011.09.29 18:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[6 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[19 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp files -> C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\489294e1d3268dfedeafacf78d8b47b8\*.tmp files -> C:\Windows\SoftwareDistribution\Download\489294e1d3268dfedeafacf78d8b47b8\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a1b04c1ca362f283a77e837735f285bb\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a1b04c1ca362f283a77e837735f285bb\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a2e9f39d907c74bd8680f1cab49f4e76\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a2e9f39d907c74bd8680f1cab49f4e76\*.tmp -> ]
[1 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.08.04 13:57:00 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Adobe
[2012.07.20 14:22:44 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\dvdcss
[2012.07.18 16:35:37 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\gtk-2.0
[2010.11.29 00:15:03 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Identities
[2010.11.29 01:59:57 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Intel
[2010.11.29 12:10:53 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Macromedia
[2012.09.02 22:51:37 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Malwarebytes
[2009.07.14 17:36:58 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Media Center Programs
[2012.09.03 13:24:46 | 000,000,000 | --SD | M] -- C:\Users\Lucka\AppData\Roaming\Microsoft
[2010.11.29 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Mozilla
[2011.12.03 22:39:42 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\MyHeritage
[2011.12.16 23:37:47 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Replay Media Catcher 4
[2012.09.02 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Skype
[2012.08.22 11:10:35 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\skypePM
[2011.09.30 19:19:49 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Telefónica Móviles
[2011.12.03 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010.11.29 02:03:15 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Thunderbird
[2011.01.10 13:28:36 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\Update
[2012.08.21 23:50:13 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\vlc
[2011.10.11 16:54:45 | 000,000,000 | ---D | M] -- C:\Users\Lucka\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2012.09.02 21:20:32 | 000,110,080 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
[2012.09.02 21:20:32 | 000,110,080 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
[2012.09.02 21:20:32 | 000,110,080 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
[2011.11.27 15:43:42 | 000,113,680 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\MyHeritage\Bin\Convert\Convertor.exe
[2011.11.27 15:43:44 | 000,113,680 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\MyHeritage\Bin\Convert\ConvertorFDB.exe
[2011.11.27 15:43:46 | 000,047,104 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\MyHeritage\Bin\Convert\depcheck.exe
[2011.11.27 15:06:40 | 000,110,592 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\MyHeritage\Bin\Convert\gbtest.exe
[2011.11.27 15:06:46 | 000,058,896 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\MyHeritage\Bin\Detect\Detect.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.09.03 20:49:39 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.03 21:31:12 | 000,000,950 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.02 18:09:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000Core.job
[2012.09.03 21:09:13 | 000,000,962 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.09.03 08:29:11 | 000,912,344 | ---- | M] (Mozilla Corporation) MD5=FD7910989EA9FC56422FCAAA696EA013 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.09.03 21:34:08 | 000,000,512 | ---- | M] () MD5=ADD33E13577A5211B24E8538BCD2B01A -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2010.10.04 23:50:56 | 000,062,238 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat
[2012.08.13 21:30:17 | 000,004,412 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\CrackedCom.class

< *keygen* /s >

< *loader* /s >
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2012.04.01 09:02:50 | 000,158,720 | ---- | M] () -- \Program Files (x86)\GearMage\Mail Attachment Downloader v2.2\MailAttachmentDownloader.exe
[2011.10.23 17:23:22 | 000,000,095 | ---- | M] () -- \Program Files (x86)\GearMage\Mail Attachment Downloader v2.2\MailAttachmentDownloader.exe.config
[2012.04.01 09:02:40 | 000,010,240 | ---- | M] () -- \Program Files (x86)\GearMage\Mail Attachment Downloader v2.2\MailAttachmentDownloaderApi.dll
[2012.04.01 09:02:46 | 000,142,848 | ---- | M] () -- \Program Files (x86)\GearMage\Mail Attachment Downloader v2.2\MailAttachmentDownloaderApiImpl.dll
[2010.02.07 23:40:00 | 000,000,543 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2009.12.15 19:58:18 | 000,017,056 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2009.12.15 19:58:20 | 000,018,592 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2009.12.15 19:58:24 | 000,026,272 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2009.12.15 19:58:26 | 000,012,960 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll
[2009.12.15 19:58:28 | 000,017,568 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2009.12.15 19:58:56 | 000,019,616 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2009.12.15 19:59:04 | 000,015,008 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2009.12.15 19:59:06 | 000,019,104 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2009.12.15 19:59:10 | 000,017,056 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2009.12.15 19:59:14 | 000,012,448 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2009.12.15 19:59:16 | 000,016,544 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2009.12.15 19:59:20 | 000,016,544 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2009.12.15 19:59:22 | 000,011,936 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2009.12.15 19:59:24 | 000,013,984 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2009.12.15 19:59:28 | 000,028,320 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2009.05.01 21:42:00 | 000,009,880 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\svg_loader.dll
[2012.05.22 09:43:16 | 000,214,528 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader.exe
[2012.05.22 09:43:16 | 000,593,293 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader.jar
[2012.05.22 09:43:16 | 000,218,816 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloaderBETA.exe
[2012.05.22 09:43:16 | 000,218,816 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloaderD3D.exe
[2012.05.22 09:43:16 | 000,219,264 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloaderPortable.exe
[2012.08.13 21:23:02 | 000,000,105 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\img\hosterlogos\uploader.pl.png
[2012.05.22 09:43:16 | 000,007,073 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\UploaderPl.class
[2012.05.22 09:43:16 | 000,032,222 | ---- | M] () -- \Program Files (x86)\JDownloader\licenses\jdownloader.license
[2012.08.13 21:21:24 | 000,001,945 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012.08.13 21:21:24 | 000,001,924 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.08.13 21:21:24 | 000,002,001 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.07.07 22:49:58 | 000,002,597 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\GearMage\Mail Attachment Downloader v2.2\Mail Attachment Downloader.lnk
[2011.09.30 22:04:28 | 000,001,112 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader\Uninstall YouTube Downloader.lnk
[2011.09.30 22:04:28 | 000,001,112 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader\YouTube Downloader.lnk
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2011.09.27 14:52:28 | 000,010,144 | ---- | M] () -- \Qoobox\Quarantine\C\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\ExternalLibraryLoader.jsm.vir
[2012.08.13 21:21:24 | 000,001,945 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012.08.13 21:21:24 | 000,001,924 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.08.13 21:21:24 | 000,002,001 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.07.07 22:49:58 | 000,002,597 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\GearMage\Mail Attachment Downloader v2.2\Mail Attachment Downloader.lnk
[2011.09.30 22:04:28 | 000,001,112 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\YouTube Downloader\Uninstall YouTube Downloader.lnk
[2011.09.30 22:04:28 | 000,001,112 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\YouTube Downloader\YouTube Downloader.lnk
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.02.21 18:42:57 | 000,000,976 | ---- | M] () -- \Users\Lucka\AppData\Local\SRDownloader.nast
[2012.07.07 22:48:20 | 000,993,280 | ---- | M] () -- \Users\Lucka\AppData\Local\Downloaded Installations\{74967DEE-1815-4B4D-A489-9176226D5F91}\Mail Attachment Downloader v2.2.msi
[2012.08.10 13:26:04 | 000,000,673 | ---- | M] () -- \Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.5.3_0\images\ajaxLoader.gif
[2012.08.13 21:21:44 | 000,002,001 | ---- | M] () -- \Users\Lucka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2011.09.27 14:52:28 | 000,010,144 | ---- | M] () -- \Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\conduitCommon\modules\3.7.0.6\ExternalLibraryLoader.jsm
[2012.08.13 21:21:45 | 000,002,037 | ---- | M] () -- \Users\Lucka\Desktop\JDownloader.lnk
[2012.07.07 22:35:00 | 001,963,087 | ---- | M] () -- \Users\Lucka\Desktop\MailAttachmentDownloaderInstall.EXE
[2011.09.30 22:04:28 | 000,001,094 | ---- | M] () -- \Users\Lucka\Desktop\YouTube Downloader.lnk
[2012.02.21 14:50:19 | 029,208,710 | ---- | M] () -- \Users\Lucka\Downloads\JDownloader.zip
[1 \Users\Lucka\Downloads\*.tmp files -> \Users\Lucka\Downloads\*.tmp -> ]
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 09:18:33 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_66f39ad995474166\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 08:23:09 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_66e5ca0f95521152\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:04:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 08:39:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_673e58b0ae93bb84\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 09:04:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_68daf829926cc6a9\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 08:44:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 09:00:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_695ac552ab919bbb\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 08:40:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_694ff566ab99b7ac\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 17:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 17:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 17:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 17:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 17:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2012.06.18 10:39:39 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012.06.18 10:39:39 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2012.06.18 10:39:40 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2012.06.18 10:39:40 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2012.06.18 10:39:40 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 17:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 07:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:22:35 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 07:45:50 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:13:36 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:47:28 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 09:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 08:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

Locked