Logfile of random's system information tool 1.08 (written by random/random)
Run by Mato at 2010-11-07 20:55:07
Microsoft Windows 7 Ultimate
System drive C: has 48 GB (48%) free of 100 GB
Total RAM: 2039 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:55:33, on 7. 11. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Mato\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\Downloads\RSIT.exe
C:\Program Files\trend micro\Mato.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ArchiBar Toolbar - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Program Files\ArchiBar\tbArch.dll
O2 - BHO: ArchiBar Toolbar - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Program Files\ArchiBar\tbArch.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ArchiBar Toolbar - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Program Files\ArchiBar\tbArch.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKCU\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird" -turbo
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - file:///C:/Users/Mato/Desktop/GOPAS/overview/shock/swinst.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
O23 - Service: CMDUBTHCJT - Sysinternals - www.sysinternals.com - C:\Users\Mato\AppData\Local\Temp\CMDUBTHCJT.exe
O23 - Service: EBZZWRCDX - Sysinternals - www.sysinternals.com - C:\Users\Mato\AppData\Local\Temp\EBZZWRCDX.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EXJGN - Sysinternals - www.sysinternals.com - C:\Users\Mato\AppData\Local\Temp\EXJGN.exe
O23 - Service: EZVMN - Sysinternals - www.sysinternals.com - C:\Users\Mato\AppData\Local\Temp\EZVMN.exe
O23 - Service: FFIG - Sysinternals - www.sysinternals.com - C:\Users\Mato\AppData\Local\Temp\FFIG.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IRBXDQSBZOT - Sysinternals - www.sysinternals.com - C:\Users\Mato\AppData\Local\Temp\IRBXDQSBZOT.exe
O23 - Service: KFKEWR - Sysinternals - www.sysinternals.com - C:\Users\Mato\AppData\Local\Temp\KFKEWR.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: WNGVJMGHMENI - Sysinternals - www.sysinternals.com - C:\Users\Mato\AppData\Local\Temp\WNGVJMGHMENI.exe
O23 - Service: XOPZRVBQ - Sysinternals - www.sysinternals.com - C:\Users\Mato\AppData\Local\Temp\XOPZRVBQ.exe
--
End of file - 12533 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
ArchiBar Toolbar - C:\Program Files\ArchiBar\tbArch.dll [2010-09-12 3863136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{24cc1362-11c6-4918-a2c0-b9ee5a563185} - ArchiBar Toolbar - C:\Program Files\ArchiBar\tbArch.dll [2010-09-12 3863136]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-03-24 2145000]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"ZSSnp211"=C:\Windows\ZSSnp211.exe [2007-04-06 57344]
"Domino"=C:\Windows\Domino.exe [2006-08-18 49152]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2010-09-21 64048]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"=rundll32 netman.dll,ProcessQueue []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"=C:\Program Files\Mozilla Thunderbird\thunderbird -turbo []
"Google Update"=C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2010-03-16 718208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
C:\Program Files\Sandboxie\SbieCtrl.exe [2010-08-09 389352]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe
C:\Users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll [2010-03-24 511344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-11-07 20:55:07 ----D---- C:\rsit
2010-11-07 20:55:07 ----D---- C:\Program Files\trend micro
2010-11-07 15:16:06 ----D---- C:\Program Files\PS Tray Factory
2010-11-07 14:39:21 ----HDC---- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2010-11-07 14:39:19 ----D---- C:\ProgramData\Stardock
2010-11-07 13:08:20 ----D---- C:\Users\Mato\AppData\Roaming\Stardock
2010-11-06 17:11:37 ----D---- C:\$UPGRADE.~OS
2010-11-06 17:11:05 ----D---- C:\$WINDOWS.~BT
2010-11-06 13:48:44 ----D---- C:\Program Files\Xenocode
2010-11-06 09:54:32 ----RD---- C:\Záloha
2010-11-04 19:43:22 ----D---- C:\Program Files\Common Files\InstallShield
2010-11-01 19:24:30 ----D---- C:\Users\Mato\AppData\Roaming\VMware
2010-11-01 19:17:19 ----A---- C:\Windows\system32\vmnetdhcp.exe
2010-11-01 19:17:15 ----A---- C:\Windows\system32\vmnat.exe
2010-11-01 19:17:14 ----A---- C:\Windows\system32\drivers\vmnetuserif.sys
2010-11-01 19:17:02 ----A---- C:\Windows\system32\vnetlib.dll
2010-11-01 19:16:08 ----A---- C:\Windows\system32\drivers\VMkbd.sys
2010-11-01 19:15:18 ----D---- C:\Program Files\Common Files\VMware
2010-11-01 19:14:24 ----D---- C:\ProgramData\VMware
2010-11-01 19:14:24 ----D---- C:\Program Files\VMware
2010-11-01 10:07:49 ----D---- C:\Windows\system32\Adobe
2010-10-31 20:19:24 ----D---- C:\Users\Mato\AppData\Roaming\Need for Speed World
2010-10-31 19:07:21 ----D---- C:\Program Files\Electronic Arts
2010-10-31 18:58:19 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-10-31 18:58:19 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-10-31 18:58:19 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-10-31 18:58:18 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-10-31 18:58:18 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-10-31 18:58:17 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-10-31 18:58:17 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-10-31 18:58:17 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-10-31 18:58:16 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-10-31 18:58:16 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-10-31 18:58:16 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-10-31 18:58:15 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-10-31 18:58:15 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-10-31 18:58:14 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-10-31 18:58:14 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-10-31 18:58:13 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-10-31 18:58:13 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-10-31 18:58:12 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-10-31 18:58:12 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-10-31 18:58:11 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-10-31 18:58:11 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-10-31 18:58:11 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-10-31 18:58:11 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-10-31 18:58:10 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-10-31 18:58:09 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-10-31 18:58:09 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-10-31 18:58:09 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-10-31 18:58:09 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-10-31 18:58:08 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-10-31 18:58:08 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-10-31 18:58:07 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-10-31 18:58:07 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-10-31 18:58:07 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-10-31 18:58:06 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-10-31 18:58:06 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-10-31 18:58:06 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-10-31 18:58:06 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-10-31 18:58:05 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-10-31 18:58:05 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-10-31 18:58:05 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-10-31 18:58:05 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-10-31 18:58:03 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-10-31 18:58:03 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-10-31 18:58:03 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-10-31 18:58:02 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-10-31 18:58:02 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-10-31 18:58:02 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-10-31 18:58:01 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-10-31 18:58:00 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-10-31 18:58:00 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-10-31 18:58:00 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-10-31 18:57:59 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-10-31 18:57:59 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-10-31 18:57:59 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-10-31 18:57:58 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-10-31 18:57:57 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-10-31 18:57:57 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-10-31 18:57:57 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-10-31 18:57:57 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-10-31 18:57:57 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-10-31 18:57:56 ----A---- C:\Windows\system32\xinput1_3.dll
2010-10-31 18:57:55 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-10-31 18:57:55 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-10-31 18:57:55 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-10-31 18:57:54 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-10-31 18:57:53 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-10-31 18:57:53 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-10-31 18:57:52 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-10-31 18:57:52 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-10-31 18:57:52 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-10-31 18:57:52 ----A---- C:\Windows\system32\d3dx10.dll
2010-10-31 18:57:51 ----A---- C:\Windows\system32\xinput1_2.dll
2010-10-31 18:57:51 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-10-31 18:57:50 ----A---- C:\Windows\system32\xinput1_1.dll
2010-10-31 18:57:50 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-10-31 18:57:49 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-10-31 18:57:43 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-10-31 18:57:43 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-10-31 18:57:43 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-10-31 18:57:42 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-10-31 18:57:42 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-10-31 18:57:41 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-10-31 18:57:41 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-10-31 18:57:41 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-10-31 18:51:10 ----D---- C:\Windows\system32\directx
2010-10-31 18:50:12 ----D---- C:\ProgramData\Electronic Arts
2010-10-28 17:36:54 ----A---- C:\Windows\system32\javaws.exe
2010-10-28 17:36:54 ----A---- C:\Windows\system32\javaw.exe
2010-10-28 17:36:54 ----A---- C:\Windows\system32\java.exe
2010-10-27 17:51:49 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 17:51:49 ----A---- C:\Windows\system32\CPFilters.dll
2010-10-27 17:51:34 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-26 18:53:54 ----D---- C:\Users\Mato\AppData\Roaming\Foxit Software
2010-10-25 18:14:47 ----D---- C:\Program Files\Ask.com
2010-10-25 18:01:03 ----D---- C:\Program Files\FMA 2
2010-10-21 16:17:48 ----D---- C:\Windows\sk
2010-10-21 16:17:13 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2010-10-21 16:10:22 ----D---- C:\Program Files\MSN Toolbar
2010-10-21 16:09:49 ----D---- C:\Program Files\Bing Bar Installer
2010-10-21 16:09:18 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-10-21 16:09:18 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-10-21 16:09:17 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-10-21 16:06:47 ----A---- C:\Windows\system32\mfreadwrite.dll
2010-10-21 16:06:47 ----A---- C:\Windows\system32\mf.dll
2010-10-21 16:06:46 ----A---- C:\Windows\system32\WMVDECOD.DLL
2010-10-17 09:21:06 ----D---- C:\Program Files\SDExplorer
2010-10-16 18:10:49 ----D---- C:\Program Files\Autodesk
2010-10-15 16:00:54 ----D---- C:\Nový priečinok
2010-10-13 19:19:22 ----D---- C:\Program Files\GPLGS
2010-10-13 19:17:20 ----A---- C:\Windows\system32\cpwmon2k.dll
2010-10-13 19:17:17 ----D---- C:\Program Files\Acro Software
2010-10-13 18:18:35 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 18:18:35 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 18:18:34 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 18:18:31 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 18:18:22 ----A---- C:\Windows\system32\iertutil.dll
2010-10-13 18:18:20 ----A---- C:\Windows\system32\mshtml.dll
2010-10-13 18:18:17 ----A---- C:\Windows\system32\ieframe.dll
2010-10-13 18:18:16 ----A---- C:\Windows\system32\urlmon.dll
2010-10-13 18:18:16 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-13 18:18:16 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-13 18:18:15 ----A---- C:\Windows\system32\wininet.dll
2010-10-13 18:18:15 ----A---- C:\Windows\system32\mstime.dll
2010-10-13 18:18:15 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-13 18:18:15 ----A---- C:\Windows\system32\ieui.dll
2010-10-13 18:18:15 ----A---- C:\Windows\system32\iepeers.dll
2010-10-13 18:18:15 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-13 18:18:14 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-13 18:18:14 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-13 18:18:14 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-13 18:18:13 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 18:18:11 ----A---- C:\Windows\system32\comctl32.dll
2010-10-13 18:18:03 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 18:18:01 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 18:18:00 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 18:17:59 ----A---- C:\Windows\system32\StructuredQuery.dll
2010-10-13 18:17:51 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 18:17:01 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 18:17:01 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 18:17:01 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 18:17:00 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-10 20:53:13 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-10-10 20:53:11 ----D---- C:\Program Files\Common Files\DESIGNER
2010-10-10 20:51:11 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-10-10 20:50:05 ----D---- C:\Program Files\Microsoft Analysis Services
2010-10-10 20:48:50 ----D---- C:\Program Files\Microsoft Office
2010-10-10 20:48:24 ----RHD---- C:\MSOCache
======List of files/folders modified in the last 1 months======
2010-11-07 20:55:32 ----D---- C:\Windows\Temp
2010-11-07 20:55:07 ----RD---- C:\Program Files
2010-11-07 20:54:52 ----D---- C:\Windows\system32\config
2010-11-07 20:51:21 ----HD---- C:\ProgramData
2010-11-07 20:47:50 ----D---- C:\Windows\System32
2010-11-07 20:45:02 ----D---- C:\Users\Mato\AppData\Roaming\.purple
2010-11-07 20:32:15 ----D---- C:\Windows\system32\drivers
2010-11-07 15:31:05 ----SHD---- C:\System Volume Information
2010-11-07 15:29:40 ----SHD---- C:\Windows\Installer
2010-11-07 15:29:38 ----D---- C:\Program Files\Stardock
2010-11-07 15:16:37 ----D---- C:\Windows\system32\Tasks
2010-11-07 15:04:55 ----D---- C:\Windows\inf
2010-11-07 15:04:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-07 14:40:19 ----RSD---- C:\Windows\assembly
2010-11-07 14:39:19 ----D---- C:\Program Files\Common Files\Stardock
2010-11-07 12:38:42 ----D---- C:\Users\Mato\AppData\Roaming\ICQ
2010-11-07 11:13:13 ----D---- C:\Windows\rescache
2010-11-07 10:02:58 ----D---- C:\Program Files\CCleaner
2010-11-07 09:56:42 ----D---- C:\Windows\Minidump
2010-11-07 09:56:40 ----D---- C:\Windows
2010-11-06 14:17:12 ----D---- C:\Users\Mato\AppData\Roaming\Abvent_Artlantis3
2010-11-06 13:48:45 ----D---- C:\Windows\XSxS
2010-11-05 21:26:35 ----D---- C:\Windows\system32\oobe
2010-11-05 21:13:10 ----D---- C:\Windows\Tasks
2010-11-05 21:13:10 ----D---- C:\Windows\system32\wfp
2010-11-05 21:13:10 ----D---- C:\Windows\system32\drivers\UMDF
2010-11-05 21:13:04 ----D---- C:\Windows\system32\wbem
2010-11-05 21:11:49 ----RD---- C:\Users
2010-11-05 21:11:49 ----D---- C:\Windows\system32\Wat
2010-11-05 21:11:49 ----D---- C:\Windows\system32\DriverStore
2010-11-05 21:11:49 ----D---- C:\Windows\system32\CodeIntegrity
2010-11-05 21:11:49 ----D---- C:\Windows\system32\catroot2
2010-11-05 21:11:37 ----D---- C:\Users\Mato\AppData\Roaming\Thunderbird
2010-11-05 21:11:37 ----D---- C:\Users\Mato\AppData\Roaming\Skype
2010-11-05 21:11:37 ----D---- C:\Users\Mato\AppData\Roaming\Opera
2010-11-05 21:11:30 ----SD---- C:\Users\Mato\AppData\Roaming\Microsoft
2010-11-05 21:11:30 ----D---- C:\Users\Mato\AppData\Roaming\gtk-2.0
2010-11-05 21:11:30 ----D---- C:\Users\Mato\AppData\Roaming\GHISLER
2010-11-05 21:11:30 ----D---- C:\Users\Mato\AppData\Roaming\GanymedeNet
2010-11-05 21:11:30 ----D---- C:\Users\Mato\AppData\Roaming\Desktop Sidebar
2010-11-05 21:10:52 ----D---- C:\Program Files\The KMPlayer
2010-11-05 21:10:52 ----D---- C:\Program Files\PhotoFiltre
2010-11-05 21:09:31 ----D---- C:\Windows\registration
2010-11-05 21:06:06 ----D---- C:\Users\Mato\AppData\Roaming\OpenOffice.org
2010-11-05 21:06:06 ----D---- C:\Users\Mato\AppData\Roaming\Nokia
2010-11-05 21:05:45 ----D---- C:\Users\Mato\AppData\Roaming\Mozilla
2010-11-05 21:05:40 ----D---- C:\Users\Mato\AppData\Roaming\Graphisoft
2010-11-05 21:05:40 ----D---- C:\Users\Mato\AppData\Roaming\Canneverbe Limited
2010-11-05 21:04:16 ----SHD---- C:\$Recycle.Bin
2010-11-04 21:28:29 ----SHD---- C:\Recovery
2010-11-02 17:48:40 ----AD---- C:\ProgramData\Temp
2010-11-02 17:21:00 ----D---- C:\Program Files\Common Files
2010-11-01 19:17:27 ----D---- C:\Windows\system32\catroot
2010-11-01 19:16:50 ----D---- C:\Program Files\Pidgin
2010-11-01 13:43:49 ----D---- C:\Windows\system32\Macromed
2010-11-01 13:01:15 ----D---- C:\Users\Mato\AppData\Roaming\skypePM
2010-10-31 18:51:13 ----D---- C:\Windows\Logs
2010-10-31 18:36:37 ----D---- C:\Program Files\Mozilla Firefox
2010-10-31 18:34:47 ----D---- C:\Program Files\Mozilla Thunderbird
2010-10-28 17:36:47 ----D---- C:\Program Files\Java
2010-10-27 20:28:13 ----A---- C:\Windows\Sandboxie.ini
2010-10-27 18:38:56 ----D---- C:\Windows\Microsoft.NET
2010-10-27 18:15:51 ----D---- C:\Windows\winsxs
2010-10-27 18:10:33 ----D---- C:\Windows\ehome
2010-10-27 18:10:14 ----D---- C:\Windows\AppPatch
2010-10-25 19:23:44 ----D---- C:\Users\Mato\AppData\Roaming\FMA
2010-10-25 18:14:15 ----D---- C:\Program Files\Foxit Software
2010-10-24 17:22:37 ----D---- C:\OziExplorer
2010-10-21 20:30:53 ----D---- C:\Program Files\Windows Live
2010-10-21 17:54:48 ----D---- C:\Windows\system32\LogFiles
2010-10-21 16:17:14 ----DC---- C:\Windows\system32\DRVSTORE
2010-10-21 16:12:41 ----SD---- C:\ProgramData\Microsoft
2010-10-21 16:11:32 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-19 11:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-15 18:42:18 ----D---- C:\Windows\debug
2010-10-14 13:06:45 ----D---- C:\Windows\Prefetch
2010-10-13 21:25:37 ----D---- C:\Windows\system32\migration
2010-10-13 21:25:37 ----D---- C:\Program Files\Internet Explorer
2010-10-13 21:25:35 ----D---- C:\Program Files\Windows Media Player
2010-10-13 19:19:04 ----D---- C:\ProgramData\Microsoft Help
2010-10-13 19:14:39 ----A---- C:\Windows\system32\MRT.exe
2010-10-12 20:53:51 ----D---- C:\Program Files\JDownloader
2010-10-12 19:08:05 ----D---- C:\Program Files\Opera
2010-10-10 20:54:45 ----RSD---- C:\Windows\Fonts
2010-10-10 20:54:37 ----D---- C:\Windows\ShellNew
2010-10-10 20:54:14 ----D---- C:\Program Files\MSBuild
2010-10-10 20:52:34 ----D---- C:\Program Files\Microsoft.NET
2010-10-10 20:52:34 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-10-10 20:50:25 ----A---- C:\Windows\win.ini
2010-10-10 20:50:23 ----D---- C:\Program Files\Common Files\System
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-25 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-24 114984]
R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2010-05-13 54776]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-24 133512]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-03-24 134488]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-03-24 41312]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-09-21 32304]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2010-09-21 70704]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-09-20 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-09-21 26288]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2010-09-21 854064]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 22448]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-07 2506232]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-12-12 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-12-12 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-12 16168]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-03-24 32584]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2010-08-09 123112]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-09-21 24624]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-09-20 16560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\Windows\system32\DRIVERS\sea1bus.sys [2006-11-20 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\sea1mdfl.sys [2006-11-20 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\sea1mdm.sys [2006-11-20 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\sea1mgmt.sys [2006-11-20 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\Windows\system32\DRIVERS\sea1nd5.sys [2006-11-20 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\sea1obex.sys [2006-11-20 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\Windows\system32\DRIVERS\sea1unic.sys [2006-11-20 90800]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vvftav211;vvftav211; C:\Windows\system32\drivers\vvftav211.sys [2007-12-10 480128]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-03-24 810120]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2010-05-13 46904]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2010-08-09 75496]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 9216]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2010-09-21 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2010-09-21 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2010-09-21 404016]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-29 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CMDUBTHCJT;CMDUBTHCJT; C:\Users\Mato\AppData\Local\Temp\CMDUBTHCJT.exe [2010-11-07 547712]
S3 EBZZWRCDX;EBZZWRCDX; C:\Users\Mato\AppData\Local\Temp\EBZZWRCDX.exe [2010-11-07 551808]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-03-24 33560]
S3 EXJGN;EXJGN; C:\Users\Mato\AppData\Local\Temp\EXJGN.exe [2010-11-07 465792]
S3 EZVMN;EZVMN; C:\Users\Mato\AppData\Local\Temp\EZVMN.exe [2010-11-07 535424]
S3 FFIG;FFIG; C:\Users\Mato\AppData\Local\Temp\FFIG.exe [2010-11-07 580480]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 IRBXDQSBZOT;IRBXDQSBZOT; C:\Users\Mato\AppData\Local\Temp\IRBXDQSBZOT.exe [2010-11-07 551808]
S3 KFKEWR;KFKEWR; C:\Users\Mato\AppData\Local\Temp\KFKEWR.exe [2010-11-07 408448]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-05-25 613888]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1343400]
S3 WNGVJMGHMENI;WNGVJMGHMENI; C:\Users\Mato\AppData\Local\Temp\WNGVJMGHMENI.exe [2010-11-07 437120]
S4 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o preventívnu kontrolu.
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o preventívnu kontrolu.
Dobré ranko 
Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Stahněte MBAM z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o preventívnu kontrolu.
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verzia databázy: 5075
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
8. 11. 2010 18:57:18
mbam-log-2010-11-08 (18-57-18).txt
Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 144023
Uplynulý čas: 8 min, 39 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 3
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
C:\$Recycle.Bin\S-1-5-21-232530544-1741318313-884996648-1000\$RK6RGPK.exe (HackTool.PasswordViewer) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-232530544-1741318313-884996648-1000\$R551EIP.75\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
C:\Users\Mato\downloads\4shared_Desktop_323.exe (Trojan.PWS) -> No action taken.
http://www.malwarebytes.org
Verzia databázy: 5075
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
8. 11. 2010 18:57:18
mbam-log-2010-11-08 (18-57-18).txt
Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 144023
Uplynulý čas: 8 min, 39 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 3
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
C:\$Recycle.Bin\S-1-5-21-232530544-1741318313-884996648-1000\$RK6RGPK.exe (HackTool.PasswordViewer) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-232530544-1741318313-884996648-1000\$R551EIP.75\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
C:\Users\Mato\downloads\4shared_Desktop_323.exe (Trojan.PWS) -> No action taken.
Re: Prosím o preventívnu kontrolu.
V mbamu vše smažte.
Zapojte do pc všechny usb klíče, flashky...co používáte
Použijte USB fix
http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Před stažením vypněte rezidentní štít antiviru, má na Usbfix falešnou detekci
-spusťte
-klikněte na volbu research , potvrdte enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt
Zapojte do pc všechny usb klíče, flashky...co používátePoužijte USB fix
http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Před stažením vypněte rezidentní štít antiviru, má na Usbfix falešnou detekci-spusťte
-klikněte na volbu research , potvrdte enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o preventívnu kontrolu.
############################## | UsbFix 7.014 | [Research]
User: Mato (Administrator) # MATO-PC [Hewlett-Packard HP Compaq 6720s]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 19:33:44 | 08/11/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall: Disabled /!\
RAM -> 2039 Mb
C:\ (%systemdrive%) -> Fixed drive # 98 Gb (47 Mb free - 48%) [] # NTFS
D:\ -> Fixed drive # 135 Gb (135 Mb free - 100%) [Nový zväzok] # NTFS
E:\ -> Removable drive # 964 Mb (870 Mb free - 90%) [PENDRIVE] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (3 Mb free - 94%) [Karta] # FAT32
H:\ -> Removable drive # 66 Mb (66 Mb free - 100%) [PHONE] # FAT
J:\ -> Removable drive # 2 Gb (457 Mb free - 23%) [PHONE CARD] # FAT
################## | Files # Infected Folders |
Found ! G:\sys
################## | Registry |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{a88a44fc-837e-11df-96bd-806e6f6e6963}
Shell\AutoRun\Command = F:\setup.exe
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F |
User: Mato (Administrator) # MATO-PC [Hewlett-Packard HP Compaq 6720s]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 19:33:44 | 08/11/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall: Disabled /!\
RAM -> 2039 Mb
C:\ (%systemdrive%) -> Fixed drive # 98 Gb (47 Mb free - 48%) [] # NTFS
D:\ -> Fixed drive # 135 Gb (135 Mb free - 100%) [Nový zväzok] # NTFS
E:\ -> Removable drive # 964 Mb (870 Mb free - 90%) [PENDRIVE] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (3 Mb free - 94%) [Karta] # FAT32
H:\ -> Removable drive # 66 Mb (66 Mb free - 100%) [PHONE] # FAT
J:\ -> Removable drive # 2 Gb (457 Mb free - 23%) [PHONE CARD] # FAT
################## | Files # Infected Folders |
Found ! G:\sys
################## | Registry |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{a88a44fc-837e-11df-96bd-806e6f6e6963}
Shell\AutoRun\Command = F:\setup.exe
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F |
Re: Prosím o preventívnu kontrolu.
Spusťte Usbfix znovu a potvrďte volbu deletion. Log pak vložte zde .
.Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o preventívnu kontrolu.
Je normálne že mi vyplo niektoré procesy (explorer.exe, sidebar, thunderbird a ine)?
Tu je log
############################## | UsbFix 7.014 | [Deletion]
User: Mato (Administrator) # MATO-PC [Hewlett-Packard HP Compaq 6720s]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 20:35:16 | 08/11/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall: Disabled /!\
RAM -> 2039 Mb
C:\ (%systemdrive%) -> Fixed drive # 98 Gb (49 Mb free - 50%) [] # NTFS
D:\ -> Fixed drive # 135 Gb (135 Mb free - 100%) [Nový zväzok] # NTFS
E:\ -> Removable drive # 964 Mb (870 Mb free - 90%) [PENDRIVE] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (3 Mb free - 94%) [Karta] # FAT32
H:\ -> Removable drive # 66 Mb (66 Mb free - 100%) [PHONE] # FAT
J:\ -> Removable drive # 2 Gb (457 Mb free - 23%) [PHONE CARD] # FAT
################## | Files # Infected Folders |
Not deleted ! G:\sys
################## | Registry |
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a88a44fc-837e-11df-96bd-806e6f6e6963}
################## | Listing |
[08/11/2010 - 20:39:08 | SHD ] C:\$Recycle.Bin
[06/11/2010 - 17:11:37 | D ] C:\$UPGRADE.~OS
[06/11/2010 - 17:11:05 | D ] C:\$WINDOWS.~BT
[01/11/2010 - 19:15:45 | A | 1024] C:\.rnd
[10/06/2009 - 22:42:20 | A | 24] C:\autoexec.bat
[10/06/2009 - 22:42:20 | A | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[08/11/2010 - 19:20:17 | ASH | 1603772416] C:\hiberfil.sys
[07/09/2010 - 18:58:27 | RASH | 0] C:\IO.SYS
[07/09/2010 - 18:58:27 | RASH | 0] C:\MSDOS.SYS
[10/10/2010 - 20:48:24 | RHD ] C:\MSOCache
[15/10/2010 - 16:00:54 | D ] C:\Nový priečinok
[08/11/2010 - 18:20:23 | D ] C:\OziExplorer
[08/11/2010 - 19:20:20 | ASH | 2138365952] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[08/11/2010 - 18:45:14 | RD ] C:\Program Files
[08/11/2010 - 18:45:14 | HD ] C:\ProgramData
[04/11/2010 - 21:28:29 | SHD ] C:\Recovery
[07/11/2010 - 20:55:39 | D ] C:\rsit
[05/07/2010 - 20:30:15 | RD ] C:\Sandbox
[06/07/2010 - 20:16:06 | D ] C:\swsetup
[07/11/2010 - 15:31:05 | SHD ] C:\System Volume Information
[21/09/2010 - 17:56:54 | D ] C:\tmp
[30/06/2010 - 15:37:37 | D ] C:\totalcmd
[08/11/2010 - 20:39:08 | D ] C:\UsbFix
[08/11/2010 - 20:35:16 | A | 2454] C:\UsbFix.txt
[05/11/2010 - 21:11:49 | RD ] C:\Users
[07/11/2010 - 09:56:40 | D ] C:\Windows
[06/11/2010 - 09:57:26 | RD ] C:\Záloha
[08/11/2010 - 20:39:08 | SHD ] D:\$RECYCLE.BIN
[07/11/2010 - 09:56:47 | SHD ] D:\System Volume Information
[06/05/2010 - 18:23:20 | A | 22389739] E:\Sofa_Mobel&Zeit N070510.gsm
[03/09/2010 - 19:16:36 | A | 64903] E:\Stolik.skp
[03/11/2010 - 12:37:14 | A | 94517] E:\vypis z katastra.pdf
[16/09/2010 - 19:45:20 | A | 7922376] E:\Zuzana.atl
[14/09/2010 - 16:45:16 | A | 1846640] E:\Zuzana.bpn
[12/09/2010 - 19:42:10 | A | 21039305] E:\Zuzana.mov
[14/09/2010 - 16:50:26 | A | 1846656] E:\Zuzana.pln
[16/09/2010 - 20:46:56 | A | 8681971] E:\Zuzana_animacia.skp
[11/05/2009 - 16:13:20 | D ] G:\Images
[11/05/2009 - 16:13:20 | D ] G:\Sounds
[11/05/2009 - 16:13:20 | D ] G:\Others
[11/05/2009 - 16:13:20 | D ] G:\Videos
[11/05/2009 - 16:13:20 | HD ] G:\System
[11/05/2009 - 16:14:18 | D ] G:\TrekBuddy
[11/05/2009 - 16:45:50 | HD ] G:\Private
[11/05/2009 - 17:01:26 | D ] G:\sys
[11/05/2009 - 17:01:52 | D ] G:\resource
[11/05/2009 - 19:58:36 | D ] G:\Documents
[31/05/2010 - 20:50:38 | D ] G:\Smartphoneware
[07/06/2010 - 19:07:30 | D ] G:\patches
[01/06/2010 - 19:50:10 | A | 0] G:\359850012895509.ndif
[13/02/2010 - 17:19:58 | D ] H:\music
[13/02/2010 - 17:19:58 | D ] H:\picture
[13/02/2010 - 17:19:58 | D ] H:\other
[13/02/2010 - 17:19:58 | D ] H:\theme
[13/02/2010 - 17:19:58 | D ] H:\video
[13/02/2010 - 17:19:58 | D ] H:\webpage
[17/01/2009 - 09:57:48 | HD ] H:\system
[13/02/2010 - 17:19:58 | D ] H:\DCIM
[01/01/1601 - 01:00:00 | RH | 0] J:\MEMSTICK.IND
[01/01/1601 - 01:00:00 | RH | 0] J:\MSTK_PRO.IND
[24/02/2008 - 18:05:18 | D ] J:\DCIM
[24/02/2008 - 18:05:18 | D ] J:\music
[24/02/2008 - 18:05:18 | D ] J:\picture
[24/02/2008 - 18:05:18 | D ] J:\other
[24/02/2008 - 18:05:18 | D ] J:\video
[24/02/2008 - 18:05:18 | D ] J:\theme
[24/02/2008 - 18:05:18 | D ] J:\webpage
[24/02/2008 - 18:05:18 | HD ] J:\system
[02/04/2008 - 08:26:44 | RH | 12] J:\xconf.dat
[30/01/2010 - 20:30:06 | RH | 12] J:\msconf.dat
[04/05/2010 - 16:34:34 | D ] J:\TrekBuddy
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_MATO-PC.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
Tu je log
############################## | UsbFix 7.014 | [Deletion]
User: Mato (Administrator) # MATO-PC [Hewlett-Packard HP Compaq 6720s]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 20:35:16 | 08/11/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall: Disabled /!\
RAM -> 2039 Mb
C:\ (%systemdrive%) -> Fixed drive # 98 Gb (49 Mb free - 50%) [] # NTFS
D:\ -> Fixed drive # 135 Gb (135 Mb free - 100%) [Nový zväzok] # NTFS
E:\ -> Removable drive # 964 Mb (870 Mb free - 90%) [PENDRIVE] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (3 Mb free - 94%) [Karta] # FAT32
H:\ -> Removable drive # 66 Mb (66 Mb free - 100%) [PHONE] # FAT
J:\ -> Removable drive # 2 Gb (457 Mb free - 23%) [PHONE CARD] # FAT
################## | Files # Infected Folders |
Not deleted ! G:\sys
################## | Registry |
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a88a44fc-837e-11df-96bd-806e6f6e6963}
################## | Listing |
[08/11/2010 - 20:39:08 | SHD ] C:\$Recycle.Bin
[06/11/2010 - 17:11:37 | D ] C:\$UPGRADE.~OS
[06/11/2010 - 17:11:05 | D ] C:\$WINDOWS.~BT
[01/11/2010 - 19:15:45 | A | 1024] C:\.rnd
[10/06/2009 - 22:42:20 | A | 24] C:\autoexec.bat
[10/06/2009 - 22:42:20 | A | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[08/11/2010 - 19:20:17 | ASH | 1603772416] C:\hiberfil.sys
[07/09/2010 - 18:58:27 | RASH | 0] C:\IO.SYS
[07/09/2010 - 18:58:27 | RASH | 0] C:\MSDOS.SYS
[10/10/2010 - 20:48:24 | RHD ] C:\MSOCache
[15/10/2010 - 16:00:54 | D ] C:\Nový priečinok
[08/11/2010 - 18:20:23 | D ] C:\OziExplorer
[08/11/2010 - 19:20:20 | ASH | 2138365952] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[08/11/2010 - 18:45:14 | RD ] C:\Program Files
[08/11/2010 - 18:45:14 | HD ] C:\ProgramData
[04/11/2010 - 21:28:29 | SHD ] C:\Recovery
[07/11/2010 - 20:55:39 | D ] C:\rsit
[05/07/2010 - 20:30:15 | RD ] C:\Sandbox
[06/07/2010 - 20:16:06 | D ] C:\swsetup
[07/11/2010 - 15:31:05 | SHD ] C:\System Volume Information
[21/09/2010 - 17:56:54 | D ] C:\tmp
[30/06/2010 - 15:37:37 | D ] C:\totalcmd
[08/11/2010 - 20:39:08 | D ] C:\UsbFix
[08/11/2010 - 20:35:16 | A | 2454] C:\UsbFix.txt
[05/11/2010 - 21:11:49 | RD ] C:\Users
[07/11/2010 - 09:56:40 | D ] C:\Windows
[06/11/2010 - 09:57:26 | RD ] C:\Záloha
[08/11/2010 - 20:39:08 | SHD ] D:\$RECYCLE.BIN
[07/11/2010 - 09:56:47 | SHD ] D:\System Volume Information
[06/05/2010 - 18:23:20 | A | 22389739] E:\Sofa_Mobel&Zeit N070510.gsm
[03/09/2010 - 19:16:36 | A | 64903] E:\Stolik.skp
[03/11/2010 - 12:37:14 | A | 94517] E:\vypis z katastra.pdf
[16/09/2010 - 19:45:20 | A | 7922376] E:\Zuzana.atl
[14/09/2010 - 16:45:16 | A | 1846640] E:\Zuzana.bpn
[12/09/2010 - 19:42:10 | A | 21039305] E:\Zuzana.mov
[14/09/2010 - 16:50:26 | A | 1846656] E:\Zuzana.pln
[16/09/2010 - 20:46:56 | A | 8681971] E:\Zuzana_animacia.skp
[11/05/2009 - 16:13:20 | D ] G:\Images
[11/05/2009 - 16:13:20 | D ] G:\Sounds
[11/05/2009 - 16:13:20 | D ] G:\Others
[11/05/2009 - 16:13:20 | D ] G:\Videos
[11/05/2009 - 16:13:20 | HD ] G:\System
[11/05/2009 - 16:14:18 | D ] G:\TrekBuddy
[11/05/2009 - 16:45:50 | HD ] G:\Private
[11/05/2009 - 17:01:26 | D ] G:\sys
[11/05/2009 - 17:01:52 | D ] G:\resource
[11/05/2009 - 19:58:36 | D ] G:\Documents
[31/05/2010 - 20:50:38 | D ] G:\Smartphoneware
[07/06/2010 - 19:07:30 | D ] G:\patches
[01/06/2010 - 19:50:10 | A | 0] G:\359850012895509.ndif
[13/02/2010 - 17:19:58 | D ] H:\music
[13/02/2010 - 17:19:58 | D ] H:\picture
[13/02/2010 - 17:19:58 | D ] H:\other
[13/02/2010 - 17:19:58 | D ] H:\theme
[13/02/2010 - 17:19:58 | D ] H:\video
[13/02/2010 - 17:19:58 | D ] H:\webpage
[17/01/2009 - 09:57:48 | HD ] H:\system
[13/02/2010 - 17:19:58 | D ] H:\DCIM
[01/01/1601 - 01:00:00 | RH | 0] J:\MEMSTICK.IND
[01/01/1601 - 01:00:00 | RH | 0] J:\MSTK_PRO.IND
[24/02/2008 - 18:05:18 | D ] J:\DCIM
[24/02/2008 - 18:05:18 | D ] J:\music
[24/02/2008 - 18:05:18 | D ] J:\picture
[24/02/2008 - 18:05:18 | D ] J:\other
[24/02/2008 - 18:05:18 | D ] J:\video
[24/02/2008 - 18:05:18 | D ] J:\theme
[24/02/2008 - 18:05:18 | D ] J:\webpage
[24/02/2008 - 18:05:18 | HD ] J:\system
[02/04/2008 - 08:26:44 | RH | 12] J:\xconf.dat
[30/01/2010 - 20:30:06 | RH | 12] J:\msconf.dat
[04/05/2010 - 16:34:34 | D ] J:\TrekBuddy
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_MATO-PC.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
Re: Prosím o preventívnu kontrolu.
Po restartu by jste to měl mít v pořádku.
Nemáte jednotku G ochráněnou proti zápisu? Protože se šmejd nesmazal
Nemáte jednotku G ochráněnou proti zápisu? Protože se šmejd nesmazal
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o preventívnu kontrolu.
Jednotka G je pamäťová karta používaná v telefóne Nokia 6120 s op.systemom Symbian S60.
Môže to byť preto? Čo teraz?
P.S. Až teraz som si všimol že som v MBAM spustil rýchlu kontrolu a nie úplnú o ktorú ste ma žiadali.
Neskôr vložím log z úplnej kontroly.
Môže to byť preto? Čo teraz?
P.S. Až teraz som si všimol že som v MBAM spustil rýchlu kontrolu a nie úplnú o ktorú ste ma žiadali.
Neskôr vložím log z úplnej kontroly.
Naposledy upravil(a) knifak dne 08 lis 2010 21:09, celkem upraveno 1 x.
Re: Prosím o preventívnu kontrolu.
Takže ji asi nemůžete zformátovat? Vydržte, poradím se s kolegy.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o preventívnu kontrolu.
No ak to bude nevyhnutné tak ju sformátujem. Ale dúfam že sa nájde lepšie riešenie.
Re: Prosím o preventívnu kontrolu.
Přijde mi, že je chráněná proti zápisu, protože se na ni nezapsal ani ochraný autorun .
Tudíž veškeré pokusy na ní mazat budou asi zbytečné .
.Tudíž veškeré pokusy na ní mazat budou asi zbytečné
.Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o preventívnu kontrolu.
Teraz som si spomenul že na adaptéri do ktorého vkladám kartu bol zapnutý LOCK. Ospravedlňujem sa
Mám spustiť USBFIX ešte raz? Research alebo deletion?
Mám spustiť USBFIX ešte raz? Research alebo deletion?
Re: Prosím o preventívnu kontrolu.
Vy jste mi dal zabrat 
deletion
deletion
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o preventívnu kontrolu.
Ešte raz sa ospravedlňujem to tá moja skleróza
Zajtra sem vložím log z MBAM úplnej kontroly. Zatiaľ ďakujem
Tu je log z USBFix
############################## | UsbFix 7.014 | [Deletion]
User: Mato (Administrator) # MATO-PC [Hewlett-Packard HP Compaq 6720s]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 21:41:21 | 08/11/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall: Disabled /!\
RAM -> 2039 Mb
C:\ (%systemdrive%) -> Fixed drive # 98 Gb (49 Mb free - 50%) [] # NTFS
D:\ -> Fixed drive # 135 Gb (135 Mb free - 100%) [Nový zväzok] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (3 Mb free - 94%) [Karta] # FAT32
################## | Files # Infected Folders |
Deleted ! G:\sys
################## | Registry |
################## | Mountpoints2 |
################## | Listing |
[08/11/2010 - 21:43:52 | SHD ] C:\$Recycle.Bin
[06/11/2010 - 17:11:37 | D ] C:\$UPGRADE.~OS
[06/11/2010 - 17:11:05 | D ] C:\$WINDOWS.~BT
[01/11/2010 - 19:15:45 | A | 1024] C:\.rnd
[10/06/2009 - 22:42:20 | A | 24] C:\autoexec.bat
[08/11/2010 - 20:39:12 | RASHD ] C:\Autorun.inf
[10/06/2009 - 22:42:20 | A | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[08/11/2010 - 19:20:17 | ASH | 1603772416] C:\hiberfil.sys
[07/09/2010 - 18:58:27 | RASH | 0] C:\IO.SYS
[07/09/2010 - 18:58:27 | RASH | 0] C:\MSDOS.SYS
[10/10/2010 - 20:48:24 | RHD ] C:\MSOCache
[15/10/2010 - 16:00:54 | D ] C:\Nový priečinok
[08/11/2010 - 18:20:23 | D ] C:\OziExplorer
[08/11/2010 - 19:20:20 | ASH | 2138365952] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[08/11/2010 - 18:45:14 | RD ] C:\Program Files
[08/11/2010 - 18:45:14 | HD ] C:\ProgramData
[04/11/2010 - 21:28:29 | SHD ] C:\Recovery
[07/11/2010 - 20:55:39 | D ] C:\rsit
[05/07/2010 - 20:30:15 | RD ] C:\Sandbox
[06/07/2010 - 20:16:06 | D ] C:\swsetup
[07/11/2010 - 15:31:05 | SHD ] C:\System Volume Information
[21/09/2010 - 17:56:54 | D ] C:\tmp
[30/06/2010 - 15:37:37 | D ] C:\totalcmd
[08/11/2010 - 21:43:53 | D ] C:\UsbFix
[08/11/2010 - 21:41:22 | A | 2208] C:\UsbFix.txt
[08/11/2010 - 20:39:16 | A | 1732190] C:\UsbFix_Upload_Me_MATO-PC.zip
[05/11/2010 - 21:11:49 | RD ] C:\Users
[07/11/2010 - 09:56:40 | D ] C:\Windows
[06/11/2010 - 09:57:26 | RD ] C:\Záloha
[08/11/2010 - 21:43:52 | SHD ] D:\$RECYCLE.BIN
[08/11/2010 - 20:39:12 | RASHD ] D:\Autorun.inf
[07/11/2010 - 09:56:47 | SHD ] D:\System Volume Information
[11/05/2009 - 16:13:20 | D ] G:\Images
[11/05/2009 - 16:13:20 | D ] G:\Sounds
[11/05/2009 - 16:13:20 | D ] G:\Others
[11/05/2009 - 16:13:20 | D ] G:\Videos
[11/05/2009 - 16:13:20 | HD ] G:\System
[11/05/2009 - 16:14:18 | D ] G:\TrekBuddy
[11/05/2009 - 16:45:50 | HD ] G:\Private
[11/05/2009 - 17:01:52 | D ] G:\resource
[11/05/2009 - 19:58:36 | D ] G:\Documents
[31/05/2010 - 20:50:38 | D ] G:\Smartphoneware
[07/06/2010 - 19:07:30 | D ] G:\patches
[01/06/2010 - 19:50:10 | A | 0] G:\359850012895509.ndif
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_MATO-PC.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
Zajtra sem vložím log z MBAM úplnej kontroly. Zatiaľ ďakujem
Tu je log z USBFix
############################## | UsbFix 7.014 | [Deletion]
User: Mato (Administrator) # MATO-PC [Hewlett-Packard HP Compaq 6720s]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 21:41:21 | 08/11/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2410 @ 2.00GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall: Disabled /!\
RAM -> 2039 Mb
C:\ (%systemdrive%) -> Fixed drive # 98 Gb (49 Mb free - 50%) [] # NTFS
D:\ -> Fixed drive # 135 Gb (135 Mb free - 100%) [Nový zväzok] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (3 Mb free - 94%) [Karta] # FAT32
################## | Files # Infected Folders |
Deleted ! G:\sys
################## | Registry |
################## | Mountpoints2 |
################## | Listing |
[08/11/2010 - 21:43:52 | SHD ] C:\$Recycle.Bin
[06/11/2010 - 17:11:37 | D ] C:\$UPGRADE.~OS
[06/11/2010 - 17:11:05 | D ] C:\$WINDOWS.~BT
[01/11/2010 - 19:15:45 | A | 1024] C:\.rnd
[10/06/2009 - 22:42:20 | A | 24] C:\autoexec.bat
[08/11/2010 - 20:39:12 | RASHD ] C:\Autorun.inf
[10/06/2009 - 22:42:20 | A | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[08/11/2010 - 19:20:17 | ASH | 1603772416] C:\hiberfil.sys
[07/09/2010 - 18:58:27 | RASH | 0] C:\IO.SYS
[07/09/2010 - 18:58:27 | RASH | 0] C:\MSDOS.SYS
[10/10/2010 - 20:48:24 | RHD ] C:\MSOCache
[15/10/2010 - 16:00:54 | D ] C:\Nový priečinok
[08/11/2010 - 18:20:23 | D ] C:\OziExplorer
[08/11/2010 - 19:20:20 | ASH | 2138365952] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[08/11/2010 - 18:45:14 | RD ] C:\Program Files
[08/11/2010 - 18:45:14 | HD ] C:\ProgramData
[04/11/2010 - 21:28:29 | SHD ] C:\Recovery
[07/11/2010 - 20:55:39 | D ] C:\rsit
[05/07/2010 - 20:30:15 | RD ] C:\Sandbox
[06/07/2010 - 20:16:06 | D ] C:\swsetup
[07/11/2010 - 15:31:05 | SHD ] C:\System Volume Information
[21/09/2010 - 17:56:54 | D ] C:\tmp
[30/06/2010 - 15:37:37 | D ] C:\totalcmd
[08/11/2010 - 21:43:53 | D ] C:\UsbFix
[08/11/2010 - 21:41:22 | A | 2208] C:\UsbFix.txt
[08/11/2010 - 20:39:16 | A | 1732190] C:\UsbFix_Upload_Me_MATO-PC.zip
[05/11/2010 - 21:11:49 | RD ] C:\Users
[07/11/2010 - 09:56:40 | D ] C:\Windows
[06/11/2010 - 09:57:26 | RD ] C:\Záloha
[08/11/2010 - 21:43:52 | SHD ] D:\$RECYCLE.BIN
[08/11/2010 - 20:39:12 | RASHD ] D:\Autorun.inf
[07/11/2010 - 09:56:47 | SHD ] D:\System Volume Information
[11/05/2009 - 16:13:20 | D ] G:\Images
[11/05/2009 - 16:13:20 | D ] G:\Sounds
[11/05/2009 - 16:13:20 | D ] G:\Others
[11/05/2009 - 16:13:20 | D ] G:\Videos
[11/05/2009 - 16:13:20 | HD ] G:\System
[11/05/2009 - 16:14:18 | D ] G:\TrekBuddy
[11/05/2009 - 16:45:50 | HD ] G:\Private
[11/05/2009 - 17:01:52 | D ] G:\resource
[11/05/2009 - 19:58:36 | D ] G:\Documents
[31/05/2010 - 20:50:38 | D ] G:\Smartphoneware
[07/06/2010 - 19:07:30 | D ] G:\patches
[01/06/2010 - 19:50:10 | A | 0] G:\359850012895509.ndif
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_MATO-PC.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
Naposledy upravil(a) knifak dne 08 lis 2010 21:54, celkem upraveno 1 x.
Přispějete na provoz fóra?