Zdravím a pozdravuji,
při spuštění Firefoxu mi Avast hlásí infekci.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Lukáš at 2011-06-14 10:32:17
Microsoft Windows 7 Ultimate
System drive C: has 122 GB (17%) free of 715 GB
Total RAM: 4095 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:32:32, on 14.6.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Lukáš.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lukáš\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iTraffic Monitor] C:\Program Files (x86)\iTraffic Monitor\iTrafficMon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files (x86)\BitSpirit\bsurl.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} (CDFusionActiveXCtl Object) - http://www.weareautobots.com/ww/plugin/ ... taller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} (CDFusionActiveXCtl Object) - http://www.iamironman2.com/plugin/DFusi ... taller.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: SAMSUNG AllShare Service (AllShare) - Unknown owner - C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12635 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -service
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe"
"C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
\??\C:\Windows\system32\conhost.exe
"C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Genius\ioCentre\gTaskBar.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
WLIDSvcM.exe 2284
"C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Genius\ioCentre\gMouseTask
C:\Genius\ioCentre\gKbdTask
C:\Genius\ioCentre\gIoCentreFunMgm
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/disabled_prefetch/DnsParallelism/parallel_8/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/ --channel=4800.0523B5D0.1072748306 /prefetch:3
"C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/disabled_prefetch/DnsParallelism/parallel_8/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/ --channel=4800.050E34C0.1021328552 /prefetch:3
"C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/disabled_prefetch/DnsParallelism/parallel_8/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/ --channel=4800.050E8750.248280366 /prefetch:3
"C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/disabled_prefetch/DnsParallelism/parallel_8/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/ --channel=4800.050EC360.303561732 /prefetch:3
"C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/disabled_prefetch/DnsParallelism/parallel_8/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/ --channel=4800.07FFEBB0.795593883 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\LUK~1\AppData\Local\Google\Chrome\APPLIC~1\120742~1.91\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Lukáš\AppData\Local\Google\Chrome\Application\12.0.742.91\gcswf32.dll" --lang=cs --channel=4800.0820FDF8.227415487 /prefetch:4 --flash-broker=4420
"C:\Users\Lukáš\Downloads\RSITx64 (3).exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-19 49440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-11-24 1536456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-20 7981088]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe [2009-11-26 361976]
"GUCI_AVS"=C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [2007-12-10 323584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"=C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe [2009-12-15 658432]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"AdobeBridge"= []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Google Update"=C:\Users\Lukáš\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03 136176]
"iTraffic Monitor"=C:\Program Files (x86)\iTraffic Monitor\iTrafficMon.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2009-09-03 60928]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-11 417792]
"RemoteControl"=C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-26 5129128]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"ZoneAlarm Client"=C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
""= []
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-01-30 36760]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-01-30 821144]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-06-08 15:13:51 ----D---- C:\Users\Lukáš\AppData\Roaming\Ubisoft
2011-06-08 15:05:42 ----D---- C:\ProgramData\Ubisoft
2011-06-07 11:44:47 ----D---- C:\ProgramData\Applian
2011-06-02 11:32:21 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2011-05-27 16:30:13 ----A---- C:\Windows\night.ini
2011-05-27 16:27:08 ----D---- C:\Program Files (x86)\Star Sky
2011-05-25 10:46:05 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-05-24 16:13:20 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2011-05-24 16:13:20 ----A---- C:\Windows\system32\poqexec.exe
2011-05-19 11:21:58 ----A---- C:\Windows\system32\javaws.exe
2011-05-19 11:21:58 ----A---- C:\Windows\system32\javaw.exe
2011-05-19 11:21:58 ----A---- C:\Windows\system32\java.exe
2011-05-19 11:21:58 ----A---- C:\Windows\system32\deployJava1.dll
2011-05-19 11:19:25 ----D---- C:\Program Files\Java
2011-05-19 11:06:16 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-05-19 11:06:16 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-05-19 11:06:16 ----A---- C:\Windows\SYSWOW64\java.exe
======List of files/folders modified in the last 1 months======
2011-06-14 10:32:24 ----D---- C:\Windows\Internet Logs
2011-06-14 10:32:23 ----D---- C:\Windows\Temp
2011-06-14 10:32:21 ----D---- C:\Program Files\trend micro
2011-06-14 10:29:53 ----D---- C:\Windows\Prefetch
2011-06-14 10:25:57 ----D---- C:\Windows\system32\config
2011-06-14 10:15:38 ----SHD---- C:\System Volume Information
2011-06-14 10:11:31 ----D---- C:\Windows\system32\drivers
2011-06-13 22:17:54 ----D---- C:\Downloads
2011-06-13 13:08:27 ----D---- C:\Program Files (x86)\Steam
2011-06-11 12:48:31 ----SHD---- C:\Windows\Installer
2011-06-11 12:47:26 ----RSD---- C:\Windows\assembly
2011-06-08 15:05:42 ----HD---- C:\ProgramData
2011-06-08 14:50:23 ----D---- C:\Program Files (x86)\Ubisoft
2011-06-08 14:50:22 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-06-07 20:04:53 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-06-07 11:55:58 ----RD---- C:\Program Files
2011-06-07 11:55:55 ----D---- C:\Windows\system32\DriverStore
2011-06-07 11:55:55 ----D---- C:\Windows\system32\catroot
2011-06-07 11:55:55 ----D---- C:\Windows\inf
2011-06-06 01:17:49 ----D---- C:\Program Files (x86)
2011-06-06 01:17:39 ----D---- C:\Windows\system32\Tasks
2011-06-05 19:12:47 ----D---- C:\Windows\SysWOW64
2011-06-05 19:11:21 ----D---- C:\Windows\system32\drivers\etc
2011-06-05 18:49:51 ----D---- C:\Windows\SYSWOW64\directx
2011-06-04 19:41:12 ----D---- C:\Windows\System32
2011-06-04 19:41:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-01 01:49:38 ----D---- C:\Program Files (x86)\Google
2011-05-31 12:36:04 ----D---- C:\Users\Lukáš\AppData\Roaming\vlc
2011-05-31 11:33:40 ----D---- C:\Program Files\Common Files\Adobe
2011-05-31 11:32:56 ----RSD---- C:\Windows\Fonts
2011-05-28 10:28:35 ----D---- C:\Windows
2011-05-28 10:28:14 ----D---- C:\Windows\Logs
2011-05-25 23:55:15 ----D---- C:\Windows\winsxs
2011-05-25 10:45:32 ----D---- C:\Windows\system32\catroot2
2011-05-19 11:06:40 ----D---- C:\Program Files (x86)\Common Files
2011-05-19 11:06:01 ----D---- C:\Program Files (x86)\Java
2011-05-19 10:51:35 ----D---- C:\Users\Lukáš\AppData\Roaming\.minecraft
2011-05-16 12:58:18 ----D---- C:\Windows\rescache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-06-05 257120]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-23 834544]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\Windows\system32\DRIVERS\tdrpm258.sys [2010-06-05 1477728]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-06-05 943712]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 29264]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 273488]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 51792]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-12-22 226448]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 54864]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 458840]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 20560]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2009-07-14 145920]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-06-05 251488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 6174720]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys [2009-06-27 25088]
R3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys [2009-06-25 14336]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-20 1831968]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio; C:\Windows\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 49664]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-17 294400]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 154256]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 173840]
R4 DRIVER_B;DRIVER_B; \??\C:\Windows\system32\Drivers\DRIVER_BIN64 []
S1 atitray;atitray; \??\C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [2009-12-23 21504]
S3 aazbltca;aazbltca; C:\Windows\system32\drivers\aazbltca.sys []
S3 appliandMP;appliandMP; C:\Windows\system32\DRIVERS\appliand.sys []
S3 GUCI_AVS;iSlim 320; C:\Windows\system32\DRIVERS\GUCI_AVS.sys [2008-03-31 614272]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 40464]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RivaTuner64;RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tapoas;TAP-Win32 Adapter OAS; C:\Windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-12-22 43792]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 894480]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-05 2480048]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 AllShare;SAMSUNG AllShare Service; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 202752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-03-15 2233400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-26 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-26 655624]
S3 getPlusHelper;@C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-04-16 403240]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Napadený firefox
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Napadený firefox
Zdravim a pekny den preji 
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Napadený firefox
ComboFix 11-06-13.04 - Lukáš 14.06.2011 11:12:18.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2700 [GMT 2:00]
Spuštěný z: c:\users\LukßÜ\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-14 do 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 09:19 . 2011-06-14 09:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 08:15 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0B45B4F-CA74-44D0-9328-7BCD40FE42A5}\mpengine.dll
2011-06-08 13:13 . 2011-06-08 13:13 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Ubisoft
2011-06-08 13:05 . 2011-06-08 13:05 -------- d-----w- c:\programdata\Ubisoft
2011-06-07 09:45 . 2011-06-07 09:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Jaksta_Technologies_Pty_L
2011-06-07 09:44 . 2011-06-07 09:44 -------- d-----w- c:\programdata\Applian
2011-06-05 17:12 . 2011-04-29 15:07 2691072 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{340a53da-0352-65e9-323d-9a1c6325586f}\components\1a9048ee.dll
2011-06-02 09:32 . 2011-06-02 09:32 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-05-27 14:27 . 2011-05-27 14:27 -------- d-----w- c:\program files (x86)\Star Sky
2011-05-25 08:46 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 14:13 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 14:13 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-21 13:45 . 2011-05-21 13:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Apps
2011-05-19 09:21 . 2011-05-19 09:21 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 09:19 . 2011-05-19 09:21 -------- d-----w- c:\program files\Java
2011-05-19 09:06 . 2011-05-19 09:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-19 09:06 . 2011-04-14 03:08 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-18 07:05 . 2011-06-08 09:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2010-08-31 15:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:45 . 2011-05-11 22:05 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 22:05 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 22:05 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23 . 2011-05-11 22:05 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 22:05 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:23 . 2011-05-11 22:05 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:22 . 2011-05-11 22:05 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 22:05 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 22:05 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 22:05 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" [2009-12-15 658432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 60928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-26 5129128]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 atitray;atitray;c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [2009-12-23 21504]
R2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-26 1038088]
R3 GUCI_AVS;iSlim 320;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-05 2480048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S4 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - c:\program files (x86)\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusion ... taller.exe
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.iamironman2.com/plugin/DFusionHomeW ... taller.exe
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-iTraffic Monitor - c:\program files (x86)\iTraffic Monitor\iTrafficMon.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-74713dea - c:\windows\system32\74713dea.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,06,f4,c2,a1,81,14,d9,79,7e,f3,81,5a,e7,42,0a,4b,2c,81,d4,68,
00,f6,b1,ae,fc,94,bd,e0,36,a0,ef,9b,81,7f,9d,8e,1a,df,8a,dd,5d,7c,74,37,34,\
"rkeysecu"=hex:c7,38,f6,bc,de,ca,02,93,9f,ef,93,1c,96,9a,25,ed
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078D7A41595440"
"lr"="078D4B6E5B5555"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-14 11:22:50
ComboFix-quarantined-files.txt 2011-06-14 09:22
.
Před spuštěním: Volných bajtů: 136 755 281 920
Po spuštění: Volných bajtů: 137 861 627 904
.
- - End Of File - - 5207BDB7F2DDD130FC7F84AA28C0EA1E
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2700 [GMT 2:00]
Spuštěný z: c:\users\LukßÜ\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-14 do 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 09:19 . 2011-06-14 09:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 08:15 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0B45B4F-CA74-44D0-9328-7BCD40FE42A5}\mpengine.dll
2011-06-08 13:13 . 2011-06-08 13:13 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Ubisoft
2011-06-08 13:05 . 2011-06-08 13:05 -------- d-----w- c:\programdata\Ubisoft
2011-06-07 09:45 . 2011-06-07 09:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Jaksta_Technologies_Pty_L
2011-06-07 09:44 . 2011-06-07 09:44 -------- d-----w- c:\programdata\Applian
2011-06-05 17:12 . 2011-04-29 15:07 2691072 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{340a53da-0352-65e9-323d-9a1c6325586f}\components\1a9048ee.dll
2011-06-02 09:32 . 2011-06-02 09:32 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-05-27 14:27 . 2011-05-27 14:27 -------- d-----w- c:\program files (x86)\Star Sky
2011-05-25 08:46 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 14:13 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 14:13 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-21 13:45 . 2011-05-21 13:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Apps
2011-05-19 09:21 . 2011-05-19 09:21 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 09:19 . 2011-05-19 09:21 -------- d-----w- c:\program files\Java
2011-05-19 09:06 . 2011-05-19 09:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-19 09:06 . 2011-04-14 03:08 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-18 07:05 . 2011-06-08 09:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2010-08-31 15:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:45 . 2011-05-11 22:05 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 22:05 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 22:05 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23 . 2011-05-11 22:05 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 22:05 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:23 . 2011-05-11 22:05 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:22 . 2011-05-11 22:05 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 22:05 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 22:05 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 22:05 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" [2009-12-15 658432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 60928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-26 5129128]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 atitray;atitray;c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [2009-12-23 21504]
R2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-26 1038088]
R3 GUCI_AVS;iSlim 320;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-05 2480048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S4 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - c:\program files (x86)\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusion ... taller.exe
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.iamironman2.com/plugin/DFusionHomeW ... taller.exe
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-iTraffic Monitor - c:\program files (x86)\iTraffic Monitor\iTrafficMon.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-74713dea - c:\windows\system32\74713dea.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,06,f4,c2,a1,81,14,d9,79,7e,f3,81,5a,e7,42,0a,4b,2c,81,d4,68,
00,f6,b1,ae,fc,94,bd,e0,36,a0,ef,9b,81,7f,9d,8e,1a,df,8a,dd,5d,7c,74,37,34,\
"rkeysecu"=hex:c7,38,f6,bc,de,ca,02,93,9f,ef,93,1c,96,9a,25,ed
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078D7A41595440"
"lr"="078D4B6E5B5555"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-14 11:22:50
ComboFix-quarantined-files.txt 2011-06-14 09:22
.
Před spuštěním: Volných bajtů: 136 755 281 920
Po spuštění: Volných bajtů: 137 861 627 904
.
- - End Of File - - 5207BDB7F2DDD130FC7F84AA28C0EA1E
Re: Napadený firefox
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Driver:: Akamai DRIVER_B gupdate gupdatem NetScv:: Akamai File:: C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000UA.job Folder:: C:\Program Files (x86)\DAEMON Tools Toolbar Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{32099AAC-C132-4136-9E9A-4E364A424E17}"=- [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] "{32099AAC-C132-4136-9E9A-4E364A424E17}"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=- "RemoteControl"=- "LanguageShortcut"=- "Adobe ARM"=- "Adobe Acrobat Speed Launcher"=- "Acrobat Assistant 8.0"=- "Adobe Reader Speed Launcher"=- "SunJavaUpdateSched"=- "AdobeCS4ServiceManager"=- RegLock:: [HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\SecuROM\License information*] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] RegNull:: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_] Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Napadený firefox
ComboFix 11-06-13.04 - Lukáš 14.06.2011 11:38:20.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2596 [GMT 2:00]
Spuštěný z: c:\users\LukßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\LukßÜ\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-14 do 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 09:44 . 2011-06-14 09:44 -------- d-----w- c:\users\LUKA~1\AppData\Local\temp
2011-06-14 09:44 . 2011-06-14 09:44 -------- d-----w- c:\users\Games\AppData\Local\temp
2011-06-14 09:44 . 2011-06-14 09:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 08:15 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0B45B4F-CA74-44D0-9328-7BCD40FE42A5}\mpengine.dll
2011-06-08 13:13 . 2011-06-08 13:13 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Ubisoft
2011-06-08 13:05 . 2011-06-08 13:05 -------- d-----w- c:\programdata\Ubisoft
2011-06-07 09:45 . 2011-06-07 09:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Jaksta_Technologies_Pty_L
2011-06-07 09:44 . 2011-06-07 09:44 -------- d-----w- c:\programdata\Applian
2011-06-05 17:12 . 2011-04-29 15:07 2691072 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{340a53da-0352-65e9-323d-9a1c6325586f}\components\1a9048ee.dll
2011-06-02 09:32 . 2011-06-02 09:32 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-05-27 14:27 . 2011-05-27 14:27 -------- d-----w- c:\program files (x86)\Star Sky
2011-05-25 08:46 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 14:13 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 14:13 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-21 13:45 . 2011-05-21 13:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Apps
2011-05-19 09:21 . 2011-05-19 09:21 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 09:19 . 2011-05-19 09:21 -------- d-----w- c:\program files\Java
2011-05-19 09:06 . 2011-05-19 09:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-19 09:06 . 2011-04-14 03:08 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-18 07:05 . 2011-06-08 09:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2010-08-31 15:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:45 . 2011-05-11 22:05 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 22:05 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 22:05 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23 . 2011-05-11 22:05 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 22:05 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:23 . 2011-05-11 22:05 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:22 . 2011-05-11 22:05 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 22:05 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 22:05 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 22:05 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" [2009-12-15 658432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 60928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-26 5129128]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 atitray;atitray;c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [2009-12-23 21504]
R2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-26 1038088]
R3 GUCI_AVS;iSlim 320;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-05 2480048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S4 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - c:\program files (x86)\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusion ... taller.exe
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.iamironman2.com/plugin/DFusionHomeW ... taller.exe
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,06,f4,c2,a1,81,14,d9,79,7e,f3,81,5a,e7,42,0a,4b,2c,81,d4,68,
00,f6,b1,ae,fc,94,bd,e0,36,a0,ef,9b,81,7f,9d,8e,1a,df,8a,dd,5d,7c,74,37,34,\
"rkeysecu"=hex:c7,38,f6,bc,de,ca,02,93,9f,ef,93,1c,96,9a,25,ed
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078D7A41595440"
"lr"="078D4B6E5B5555"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-14 11:47:25
ComboFix-quarantined-files.txt 2011-06-14 09:47
ComboFix2.txt 2011-06-14 09:22
.
Před spuštěním: Volných bajtů: 137 699 123 200
Po spuštění: Volných bajtů: 137 626 173 440
.
- - End Of File - - A194965657FE95634068074ED53442BF
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2596 [GMT 2:00]
Spuštěný z: c:\users\LukßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\LukßÜ\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-14 do 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 09:44 . 2011-06-14 09:44 -------- d-----w- c:\users\LUKA~1\AppData\Local\temp
2011-06-14 09:44 . 2011-06-14 09:44 -------- d-----w- c:\users\Games\AppData\Local\temp
2011-06-14 09:44 . 2011-06-14 09:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 08:15 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0B45B4F-CA74-44D0-9328-7BCD40FE42A5}\mpengine.dll
2011-06-08 13:13 . 2011-06-08 13:13 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Ubisoft
2011-06-08 13:05 . 2011-06-08 13:05 -------- d-----w- c:\programdata\Ubisoft
2011-06-07 09:45 . 2011-06-07 09:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Jaksta_Technologies_Pty_L
2011-06-07 09:44 . 2011-06-07 09:44 -------- d-----w- c:\programdata\Applian
2011-06-05 17:12 . 2011-04-29 15:07 2691072 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{340a53da-0352-65e9-323d-9a1c6325586f}\components\1a9048ee.dll
2011-06-02 09:32 . 2011-06-02 09:32 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-05-27 14:27 . 2011-05-27 14:27 -------- d-----w- c:\program files (x86)\Star Sky
2011-05-25 08:46 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 14:13 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 14:13 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-21 13:45 . 2011-05-21 13:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Apps
2011-05-19 09:21 . 2011-05-19 09:21 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 09:19 . 2011-05-19 09:21 -------- d-----w- c:\program files\Java
2011-05-19 09:06 . 2011-05-19 09:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-19 09:06 . 2011-04-14 03:08 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-18 07:05 . 2011-06-08 09:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2010-08-31 15:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:45 . 2011-05-11 22:05 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 22:05 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 22:05 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23 . 2011-05-11 22:05 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 22:05 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:23 . 2011-05-11 22:05 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:22 . 2011-05-11 22:05 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 22:05 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 22:05 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 22:05 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" [2009-12-15 658432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 60928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-26 5129128]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 atitray;atitray;c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [2009-12-23 21504]
R2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-26 1038088]
R3 GUCI_AVS;iSlim 320;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-05 2480048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S4 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - c:\program files (x86)\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusion ... taller.exe
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.iamironman2.com/plugin/DFusionHomeW ... taller.exe
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,06,f4,c2,a1,81,14,d9,79,7e,f3,81,5a,e7,42,0a,4b,2c,81,d4,68,
00,f6,b1,ae,fc,94,bd,e0,36,a0,ef,9b,81,7f,9d,8e,1a,df,8a,dd,5d,7c,74,37,34,\
"rkeysecu"=hex:c7,38,f6,bc,de,ca,02,93,9f,ef,93,1c,96,9a,25,ed
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078D7A41595440"
"lr"="078D4B6E5B5555"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-14 11:47:25
ComboFix-quarantined-files.txt 2011-06-14 09:47
ComboFix2.txt 2011-06-14 09:22
.
Před spuštěním: Volných bajtů: 137 699 123 200
Po spuštění: Volných bajtů: 137 626 173 440
.
- - End Of File - - A194965657FE95634068074ED53442BF
Re: Napadený firefox
Mel jste v tom skriptu ten zeleny text 
Sice byl skript aplikovan ale nic se neproedlo
Pripadne postup opakujte
Sice byl skript aplikovan ale nic se neproedlo
Pripadne postup opakujte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Napadený firefox
Ano, zkopíroval jsem zelený text do scriptu. Tady je nový log:
ComboFix 11-06-13.04 - Lukáš 14.06.2011 12:02:36.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2763 [GMT 2:00]
Spuštěný z: c:\users\LukßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\LukßÜ\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-14 do 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 10:10 . 2011-06-14 10:10 -------- d-----w- c:\users\LUKA~1\AppData\Local\temp
2011-06-14 10:10 . 2011-06-14 10:10 -------- d-----w- c:\users\Games\AppData\Local\temp
2011-06-14 10:10 . 2011-06-14 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 08:15 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0B45B4F-CA74-44D0-9328-7BCD40FE42A5}\mpengine.dll
2011-06-08 13:13 . 2011-06-08 13:13 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Ubisoft
2011-06-08 13:05 . 2011-06-08 13:05 -------- d-----w- c:\programdata\Ubisoft
2011-06-07 09:45 . 2011-06-07 09:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Jaksta_Technologies_Pty_L
2011-06-07 09:44 . 2011-06-07 09:44 -------- d-----w- c:\programdata\Applian
2011-06-05 17:12 . 2011-04-29 15:07 2691072 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{340a53da-0352-65e9-323d-9a1c6325586f}\components\1a9048ee.dll
2011-06-02 09:32 . 2011-06-02 09:32 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-05-27 14:27 . 2011-05-27 14:27 -------- d-----w- c:\program files (x86)\Star Sky
2011-05-25 08:46 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 14:13 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 14:13 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-21 13:45 . 2011-05-21 13:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Apps
2011-05-19 09:21 . 2011-05-19 09:21 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 09:19 . 2011-05-19 09:21 -------- d-----w- c:\program files\Java
2011-05-19 09:06 . 2011-05-19 09:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-19 09:06 . 2011-04-14 03:08 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-18 07:05 . 2011-06-08 09:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2010-08-31 15:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:45 . 2011-05-11 22:05 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 22:05 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 22:05 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23 . 2011-05-11 22:05 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 22:05 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:23 . 2011-05-11 22:05 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:22 . 2011-05-11 22:05 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 22:05 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 22:05 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 22:05 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-14_09.20.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-06-14 08:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-14 09:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-14 09:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-14 08:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-14 09:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-14 08:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-06-14 09:54 49372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-06-14 08:13 49372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-22 17:44 . 2011-06-14 09:54 21232 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4232700249-3018015274-2546475948-1000_UserData.bin
- 2009-12-22 17:44 . 2011-06-14 08:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-22 17:44 . 2011-06-14 09:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-22 17:44 . 2011-06-14 08:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-22 17:44 . 2011-06-14 09:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-22 17:44 . 2011-06-14 08:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-22 17:44 . 2011-06-14 09:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-22 18:08 . 2011-06-14 09:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-22 18:08 . 2011-06-14 10:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-22 18:08 . 2011-06-14 09:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-22 18:08 . 2011-06-14 10:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-14 08:10 . 2011-06-14 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-14 09:52 . 2011-06-14 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-14 08:10 . 2011-06-14 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-14 09:52 . 2011-06-14 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-06-13 23:08 389160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-14 09:50 389160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-17 22:45 . 2011-06-14 09:50 1132512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4232700249-3018015274-2546475948-1000-12288.dat
- 2010-07-17 22:45 . 2011-06-13 23:08 1132512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4232700249-3018015274-2546475948-1000-12288.dat
+ 2009-07-14 02:34 . 2011-06-14 10:06 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-06-14 08:25 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" [2009-12-15 658432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 60928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-26 5129128]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 atitray;atitray;c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [2009-12-23 21504]
R2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-26 1038088]
R3 GUCI_AVS;iSlim 320;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-05 2480048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S4 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - c:\program files (x86)\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusion ... taller.exe
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.iamironman2.com/plugin/DFusionHomeW ... taller.exe
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,06,f4,c2,a1,81,14,d9,79,7e,f3,81,5a,e7,42,0a,4b,2c,81,d4,68,
00,f6,b1,ae,fc,94,bd,e0,36,a0,ef,9b,81,7f,9d,8e,1a,df,8a,dd,5d,7c,74,37,34,\
"rkeysecu"=hex:c7,38,f6,bc,de,ca,02,93,9f,ef,93,1c,96,9a,25,ed
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078D7A41595440"
"lr"="078D4B6E5B5555"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-14 12:13:24
ComboFix-quarantined-files.txt 2011-06-14 10:13
ComboFix2.txt 2011-06-14 09:47
ComboFix3.txt 2011-06-14 09:22
.
Před spuštěním: Volných bajtů: 137 434 779 648
Po spuštění: Volných bajtů: 137 366 839 296
.
- - End Of File - - 46C7CEF57F5706E3A4A1D40DF1C6FACC
ComboFix 11-06-13.04 - Lukáš 14.06.2011 12:02:36.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2763 [GMT 2:00]
Spuštěný z: c:\users\LukßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\LukßÜ\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-14 do 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 10:10 . 2011-06-14 10:10 -------- d-----w- c:\users\LUKA~1\AppData\Local\temp
2011-06-14 10:10 . 2011-06-14 10:10 -------- d-----w- c:\users\Games\AppData\Local\temp
2011-06-14 10:10 . 2011-06-14 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 08:15 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0B45B4F-CA74-44D0-9328-7BCD40FE42A5}\mpengine.dll
2011-06-08 13:13 . 2011-06-08 13:13 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Ubisoft
2011-06-08 13:05 . 2011-06-08 13:05 -------- d-----w- c:\programdata\Ubisoft
2011-06-07 09:45 . 2011-06-07 09:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Jaksta_Technologies_Pty_L
2011-06-07 09:44 . 2011-06-07 09:44 -------- d-----w- c:\programdata\Applian
2011-06-05 17:12 . 2011-04-29 15:07 2691072 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{340a53da-0352-65e9-323d-9a1c6325586f}\components\1a9048ee.dll
2011-06-02 09:32 . 2011-06-02 09:32 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-05-27 14:27 . 2011-05-27 14:27 -------- d-----w- c:\program files (x86)\Star Sky
2011-05-25 08:46 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 14:13 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 14:13 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-21 13:45 . 2011-05-21 13:45 -------- d-----w- c:\users\Lukáš\AppData\Local\Apps
2011-05-19 09:21 . 2011-05-19 09:21 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 09:19 . 2011-05-19 09:21 -------- d-----w- c:\program files\Java
2011-05-19 09:06 . 2011-05-19 09:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-19 09:06 . 2011-04-14 03:08 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-18 07:05 . 2011-06-08 09:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2010-08-31 15:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:45 . 2011-05-11 22:05 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 22:05 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 22:05 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23 . 2011-05-11 22:05 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 22:05 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:23 . 2011-05-11 22:05 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:22 . 2011-05-11 22:05 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 22:05 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 22:05 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 22:05 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-14_09.20.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-06-14 08:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-14 09:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-14 09:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-14 08:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-14 09:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-14 08:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-06-14 09:54 49372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-06-14 08:13 49372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-22 17:44 . 2011-06-14 09:54 21232 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4232700249-3018015274-2546475948-1000_UserData.bin
- 2009-12-22 17:44 . 2011-06-14 08:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-22 17:44 . 2011-06-14 09:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-22 17:44 . 2011-06-14 08:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-22 17:44 . 2011-06-14 09:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-22 17:44 . 2011-06-14 08:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-22 17:44 . 2011-06-14 09:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-22 18:08 . 2011-06-14 09:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-22 18:08 . 2011-06-14 10:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-22 18:08 . 2011-06-14 09:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-22 18:08 . 2011-06-14 10:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-14 08:10 . 2011-06-14 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-14 09:52 . 2011-06-14 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-14 08:10 . 2011-06-14 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-14 09:52 . 2011-06-14 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-06-13 23:08 389160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-14 09:50 389160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-17 22:45 . 2011-06-14 09:50 1132512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4232700249-3018015274-2546475948-1000-12288.dat
- 2010-07-17 22:45 . 2011-06-13 23:08 1132512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4232700249-3018015274-2546475948-1000-12288.dat
+ 2009-07-14 02:34 . 2011-06-14 10:06 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-06-14 08:25 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" [2009-12-15 658432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 60928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-26 5129128]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 atitray;atitray;c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [2009-12-23 21504]
R2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-26 1038088]
R3 GUCI_AVS;iSlim 320;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-08-22 12288]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-05 2480048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S4 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-29 16:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - c:\program files (x86)\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusion ... taller.exe
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.iamironman2.com/plugin/DFusionHomeW ... taller.exe
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,06,f4,c2,a1,81,14,d9,79,7e,f3,81,5a,e7,42,0a,4b,2c,81,d4,68,
00,f6,b1,ae,fc,94,bd,e0,36,a0,ef,9b,81,7f,9d,8e,1a,df,8a,dd,5d,7c,74,37,34,\
"rkeysecu"=hex:c7,38,f6,bc,de,ca,02,93,9f,ef,93,1c,96,9a,25,ed
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078D7A41595440"
"lr"="078D4B6E5B5555"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-14 12:13:24
ComboFix-quarantined-files.txt 2011-06-14 10:13
ComboFix2.txt 2011-06-14 09:47
ComboFix3.txt 2011-06-14 09:22
.
Před spuštěním: Volných bajtů: 137 434 779 648
Po spuštění: Volných bajtů: 137 366 839 296
.
- - End Of File - - 46C7CEF57F5706E3A4A1D40DF1C6FACC
Re: Napadený firefox
Nejak se Cfku nechce ci co, pujdem na to jinak...
Stahnete OTL (viz muj podpis) a ulozte jej na plochu
Stahnete OTL (viz muj podpis) a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
- Zaskrtnete okenko Pro vsechny uzivatele
- Zaskrtnete okenko Kontrola na havet "LOP"
- Zaskrtnete okenko Kontrola na havet "Purity"
- Stari souboru zmente z 30 dnu na 7 dnu
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
netsvcs drivers32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s c:\windows\*.* /U %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s /md5start adp3132.sys AGP440.sys ahcix86.sys ahcix86s.sys atapi.sys autochk.exe cdrom.sys cngaudit.dll cryptsvc.dll eNetHook.dll eventlog.dll explorer.exe hal.dll Changer.sys iaStor.sys iastorv.sys IdeChnDr.sys isapnp.sys JakNDis.sys KR10N.sys logevent.dll lsass.exe mv61xx.sys ndis.sys netlogon.dll ntelogon.dll nvata.sys nvatabus.sys nvgts.sys nvraid.sys nvrd32.sys nvstor.sys nvstor32.sys scecli.dll sceclt.dll smss.exe svchost.exe symmpi.sys tcpip.sys userinit.exe vaxscsi.sys viamraid.sys viasraid.sys ViPrt.sys winlogon.exe ws2_32.dll /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 CREATERESTOREPOINT- Kliknete na tlacitko Prohledat
- Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Napadený firefox
OTL Extras logfile created on: 14.6.2011 12:34:48 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Lukáš\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,02% Memory free
8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,64 Gb Total Space | 128,02 Gb Free Space | 18,32% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 951,05 Gb Free Space | 51,05% Space Free | Partition Type: NTFS
Drive F: | 698,64 Gb Total Space | 147,83 Gb Free Space | 21,16% Space Free | Partition Type: NTFS
Drive G: | 931,50 Gb Total Space | 36,27 Gb Free Space | 3,89% Space Free | Partition Type: NTFS
Computer Name: LUKÁŠ-PC | User Name: Lukáš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{596D57BD-31B4-45F7-8855-9E13D15D7B7E}" = ATI Catalyst Install Manager
"{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25 (64-bit)
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{76B91A94-33F6-4E92-88DF-3325427F4F47}" = Oracle VM VirtualBox 4.0.0
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A324DC11-FF02-3CE8-9D6F-67EBC006D970}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B1E6C4B8-B3D6-1DFF-AF38-50D43885D565}" = ccc-utility64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ComicRack" = ComicRack v0.9.141
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C0C196-54AC-8BC5-5F16-87C4A38D13B8}" = Catalyst Control Center Localization All
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1063B812-E31C-833F-F5F0-46D9D06B5336}" = Catalyst Control Center Graphics Light
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{25C55EBA-401C-F7B8-E932-F7A5D53EADEE}" = Catalyst Control Center Graphics Previews Vista
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 25
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision(R)
"{2E2660AC-6195-C603-A6BD-5FC039891FFF}" = ccc-core-static
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA169A5-3DBC-BBCA-4366-0B8678D5B765}" = Catalyst Control Center Graphics Previews Common
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{425AD62D-5B16-494C-8AAB-6B3D0CF2527A}" = Adobe Setup
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{49E56237-4F46-5E38-FA6E-5A6651C355C7}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D12D805-50B2-4287-B3B9-AD4D74F85693}" = BOINC
"{535B21E4-EE17-4970-459F-9AA67EA23261}" = CCC Help Turkish
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5AA617AF-A4A4-AA20-E81D-EA14F585FB6A}" = CCC Help Swedish
"{5D629C4C-1EB4-5436-FA1C-15878067257F}" = CCC Help Danish
"{5DC2889B-AF01-3494-38CA-37BBDB1D9F39}" = Catalyst Control Center InstallProxy
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6544BC7B-158C-88EB-9D63-2C37347A4902}" = CCC Help Finnish
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{77791725-5D50-C0DE-059A-5C4B5EE8A212}" = Catalyst Control Center Graphics Full Existing
"{7980631D-6A17-EF85-2D95-6F77E0B586AD}" = CCC Help Dutch
"{7DEDD94B-32EB-D72C-CDAE-6BBA3E31276D}" = Catalyst Control Center Graphics Full New
"{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): THE GAME
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83361668-9E22-4DBC-810A-148014EF71B3}" = FastPictureViewer WIC Codec Pack 1.62
"{83744391-B5A4-40E3-8A7D-E8BF39CB00ED}" = Adobe Creative Suite 4 Design Premium
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9EF7918F-6283-48D4-8648-9FE84BE9FB41}" = The Orange Box
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}" = ioCentre
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD9821-3290-1B1F-D164-1F6D20601FAF}" = Catalyst Control Center HydraVision Full
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.3 - Czech
"{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B67AE61E-640C-358A-CF8A-4883C03F1E80}" = CCC Help Russian
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF5CFD2D-D057-4A98-962F-3FEE6F4580EF}" = CrazyTalk Avatar Creator
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = iSlim 320
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{cd8b5019-fd26-4b8e-b3e5-2ca678337a1c}" = Nero 9 Trial
"{CE898A54-E9BB-4F4E-26A6-DBCF9F8DE5A2}" = CCC Help Czech
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{D3795283-6113-42A2-9963-B33C26FB5D24}" = WebMate
"{D801B39E-CE01-409F-8E7C-B7976EA3C9DC}_is1" = Audiosurf
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E31B2CB2-1CE3-EEC9-4FC7-48145D6AD674}" = Catalyst Control Center Core Implementation
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F681E38A-E0EF-21F8-B787-B62332B45555}" = CCC Help Norwegian
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"74713dea" = Contextual Tool Yourprofitclub
"AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disreg~5122E60D_is1" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b421102ce31f2649ef3785f2a17166f" = Adobe Creative Suite 4 Design Premium
"Akamai" = Akamai NetSession Interface
"Alone In The Dark_is1" = Alone In The Dark
"avast5" = avast! Free Antivirus
"BitSpirit_is1" = BitSpirit v3.6.0.330 Stable
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Crazy Machines New from the Lab1.231" = Crazy Machines New from the Lab
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Defcon_is1" = Defcon v1.6
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DFusionWeb" = Total Immersion D'Fusion Web Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Episode 1" = Back to the Future The Game - Episode 1
"ffdshow_is1" = ffdshow [rev 3189] [2010-01-09]
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"ie_Tron_Screensaver_1024x768" = ie_Tron_Screensaver_1024x768
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers(TM) - War for Cybertron(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Basic)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 4.0.1 (x86 cs)" = Mozilla Firefox 4.0.1 (x86 cs)
"Mp3tag" = Mp3tag v2.47b
"OnLive" = OnLive
"OpenAL" = OpenAL
"Opera 11.10.2092" = Opera 11.10
"Postal 2_is1" = Portal 2
"Psi" = Psi (remove only)
"rajče.net_is1" = rajče verze 58 sestavení 205
"rayatitray" = Ray Adams ATI Tray Tools
"RaybanMirror" = Ray-Ban Virtual Mirror
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 11020" = TrackMania Nations Forever
"Steam App 39000" = Moonbase Alpha
"Steam App 50130" = Mafia II
"Steam App 57900" = Duke Nukem Forever
"Stellarium_is1" = Stellarium 0.10.6.1
"Totalcmd" = Total Commander (Remove or Repair)
"Universe Sandbox" = Universe Sandbox
"VLC media player" = VLC media player 1.1.6
"Winamp" = Winamp
"WinASO Registry Optimizer 4.5.3_is1" = WinASO Registry Optimizer 4.5.3
"WinASO Registry Optimizer 4.5.5_is1" = WinASO Registry Optimizer 4.5.5
"WinPcapInst" = WinPcap 4.0.2
"xVideos Video Downloader_is1" = xVideos Video Downloader 3.21
"Zombie Driver" = Zombie Driver 1.0.3
"ZoneAlarm" = ZoneAlarm
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Episode 2" = Back to the Future The Game - Episode 2
"Episode 3" = Back to the Future The Game - Episode 3
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Application Detect
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 2.2.2010 17:56:30 | Computer Name = Lukáš-PC | Source = avast! | ID = 33554522
Description =
Error - 31.3.2010 17:02:56 | Computer Name = Lukáš-PC | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 5.6.2011 12:54:51 | Computer Name = Lukáš-PC | Source = VSS | ID = 8194
Description =
Error - 5.6.2011 17:29:27 | Computer Name = Lukáš-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.
Error - 7.6.2011 8:37:39 | Computer Name = Lukáš-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.
Error - 7.6.2011 14:37:11 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 2.0.1.4120,
časové razítko: 0x4da6a99c Název chybujícího modulu: xul.dll, verze: 2.0.1.4120,
časové razítko: 0x4da6a921 Kód výjimky: 0xc0000005 Posun chyby: 0x009becbc ID chybujícího
procesu: 0x1978 Čas spuštění chybující aplikace: 0x01cc2541dba6179d Cesta k chybující
aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Mozilla Firefox\xul.dll ID zprávy: 2786ebb4-9135-11e0-bb40-0050fca1872d
Error - 8.6.2011 18:46:16 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: sidebar.exe, verze: 6.1.7600.16385, časové
razítko: 0x4a5bc9e1 Název chybujícího modulu: ntdll.dll, verze: 6.1.7600.16695,
časové razítko: 0x4cc7b325 Kód výjimky: 0xc0000374 Posun chyby: 0x00000000000c6ab2
ID
chybujícího procesu: 0xca8 Čas spuštění chybující aplikace: 0x01cc25be16d83a45 Cesta
k chybující aplikaci: C:\Program Files\Windows Sidebar\sidebar.exe Cesta k chybujícímu
modulu: C:\Windows\SYSTEM32\ntdll.dll ID zprávy: 1df8bb0d-9221-11e0-b32e-0050fca1872d
Error - 9.6.2011 15:42:29 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: sidebar.exe, verze: 6.1.7600.16385, časové
razítko: 0x4a5bc9e1 Název chybujícího modulu: ntdll.dll, verze: 6.1.7600.16695,
časové razítko: 0x4cc7b325 Kód výjimky: 0xc0000005 Posun chyby: 0x00000000000316ff
ID
chybujícího procesu: 0xb54 Čas spuštění chybující aplikace: 0x01cc26895b679df8 Cesta
k chybující aplikaci: C:\Program Files\Windows Sidebar\sidebar.exe Cesta k chybujícímu
modulu: C:\Windows\SYSTEM32\ntdll.dll ID zprávy: 9c05d932-92d0-11e0-a3fe-0050fca1872d
Error - 10.6.2011 17:53:07 | Computer Name = Lukáš-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.
Error - 12.6.2011 10:23:15 | Computer Name = Lukáš-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.
Error - 13.6.2011 12:01:04 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 2.0.1.4120,
časové razítko: 0x4da6a99c Název chybujícího modulu: mozalloc.dll, verze: 2.0.1.4120,
časové razítko: 0x4da6994f Kód výjimky: 0x80000003 Posun chyby: 0x00001a39 ID chybujícího
procesu: 0x15a8 Čas spuštění chybující aplikace: 0x01cc29e2f4500b64 Cesta k chybující
aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll ID zprávy: 56d75a62-95d6-11e0-81c0-0050fca1872d
Error - 13.6.2011 12:02:29 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 2.0.1.4120,
časové razítko: 0x4da6a99c Název chybujícího modulu: xul.dll, verze: 2.0.1.4120,
časové razítko: 0x4da6a921 Kód výjimky: 0xc0000005 Posun chyby: 0x009becbc ID chybujícího
procesu: 0x173c Čas spuštění chybující aplikace: 0x01cc29e32b6abcf6 Cesta k chybující
aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Mozilla Firefox\xul.dll ID zprávy: 89a361d8-95d6-11e0-81c0-0050fca1872d
[ Media Center Events ]
Error - 5.3.2010 15:55:32 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 20:55:32 - Chyba při připojování k Internetu 20:55:32 - Nelze kontaktovat
server..
Error - 5.3.2010 15:56:02 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 20:56:01 - Chyba při připojování k Internetu 20:56:01 - Nelze kontaktovat
server..
Error - 5.3.2010 16:56:34 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 21:56:34 - Chyba při připojování k Internetu 21:56:34 - Nelze kontaktovat
server..
Error - 5.3.2010 16:57:05 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 21:57:04 - Chyba při připojování k Internetu 21:57:04 - Nelze kontaktovat
server..
Error - 6.3.2010 12:00:39 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 17:00:39 - Chyba při připojování k Internetu 17:00:39 - Nelze kontaktovat
server..
Error - 6.3.2010 12:01:14 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 17:01:08 - Chyba při připojování k Internetu 17:01:08 - Nelze kontaktovat
server..
Error - 7.3.2010 11:06:47 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 16:06:47 - Chyba při připojování k Internetu 16:06:47 - Nelze kontaktovat
server..
Error - 7.3.2010 11:07:22 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 16:07:16 - Chyba při připojování k Internetu 16:07:16 - Nelze kontaktovat
server..
Error - 8.3.2010 7:08:20 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 12:08:20 - Chyba při připojování k Internetu 12:08:20 - Nelze kontaktovat
server..
Error - 8.3.2010 7:08:54 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 12:08:50 - Chyba při připojování k Internetu 12:08:50 - Nelze kontaktovat
server..
[ System Events ]
Error - 14.6.2011 5:19:54 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 14.6.2011 5:36:37 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7031
Description = Služba Akamai NetSession Interface byla nečekaně ukončena. Stalo se
to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat
službu.
Error - 14.6.2011 5:41:38 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 14.6.2011 5:44:37 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 14.6.2011 5:53:00 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: atitray
Error - 14.6.2011 5:53:18 | Computer Name = Lukáš-PC | Source = ipnathlp | ID = 31004
Description =
Error - 14.6.2011 6:00:56 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7031
Description = Služba Akamai NetSession Interface byla nečekaně ukončena. Stalo se
to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat
službu.
Error - 14.6.2011 6:02:16 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7034
Description = Služba SAMSUNG AllShare Service byla neočekávaně ukončena. Tento stav
nastal již 1krát.
Error - 14.6.2011 6:07:38 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 14.6.2011 6:10:34 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
< End of report >
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Lukáš\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,02% Memory free
8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,64 Gb Total Space | 128,02 Gb Free Space | 18,32% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 951,05 Gb Free Space | 51,05% Space Free | Partition Type: NTFS
Drive F: | 698,64 Gb Total Space | 147,83 Gb Free Space | 21,16% Space Free | Partition Type: NTFS
Drive G: | 931,50 Gb Total Space | 36,27 Gb Free Space | 3,89% Space Free | Partition Type: NTFS
Computer Name: LUKÁŠ-PC | User Name: Lukáš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{596D57BD-31B4-45F7-8855-9E13D15D7B7E}" = ATI Catalyst Install Manager
"{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25 (64-bit)
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{76B91A94-33F6-4E92-88DF-3325427F4F47}" = Oracle VM VirtualBox 4.0.0
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A324DC11-FF02-3CE8-9D6F-67EBC006D970}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B1E6C4B8-B3D6-1DFF-AF38-50D43885D565}" = ccc-utility64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ComicRack" = ComicRack v0.9.141
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C0C196-54AC-8BC5-5F16-87C4A38D13B8}" = Catalyst Control Center Localization All
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1063B812-E31C-833F-F5F0-46D9D06B5336}" = Catalyst Control Center Graphics Light
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{25C55EBA-401C-F7B8-E932-F7A5D53EADEE}" = Catalyst Control Center Graphics Previews Vista
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 25
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision(R)
"{2E2660AC-6195-C603-A6BD-5FC039891FFF}" = ccc-core-static
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA169A5-3DBC-BBCA-4366-0B8678D5B765}" = Catalyst Control Center Graphics Previews Common
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{425AD62D-5B16-494C-8AAB-6B3D0CF2527A}" = Adobe Setup
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{49E56237-4F46-5E38-FA6E-5A6651C355C7}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D12D805-50B2-4287-B3B9-AD4D74F85693}" = BOINC
"{535B21E4-EE17-4970-459F-9AA67EA23261}" = CCC Help Turkish
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5AA617AF-A4A4-AA20-E81D-EA14F585FB6A}" = CCC Help Swedish
"{5D629C4C-1EB4-5436-FA1C-15878067257F}" = CCC Help Danish
"{5DC2889B-AF01-3494-38CA-37BBDB1D9F39}" = Catalyst Control Center InstallProxy
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6544BC7B-158C-88EB-9D63-2C37347A4902}" = CCC Help Finnish
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{77791725-5D50-C0DE-059A-5C4B5EE8A212}" = Catalyst Control Center Graphics Full Existing
"{7980631D-6A17-EF85-2D95-6F77E0B586AD}" = CCC Help Dutch
"{7DEDD94B-32EB-D72C-CDAE-6BBA3E31276D}" = Catalyst Control Center Graphics Full New
"{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): THE GAME
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83361668-9E22-4DBC-810A-148014EF71B3}" = FastPictureViewer WIC Codec Pack 1.62
"{83744391-B5A4-40E3-8A7D-E8BF39CB00ED}" = Adobe Creative Suite 4 Design Premium
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9EF7918F-6283-48D4-8648-9FE84BE9FB41}" = The Orange Box
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}" = ioCentre
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD9821-3290-1B1F-D164-1F6D20601FAF}" = Catalyst Control Center HydraVision Full
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.3 - Czech
"{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B67AE61E-640C-358A-CF8A-4883C03F1E80}" = CCC Help Russian
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF5CFD2D-D057-4A98-962F-3FEE6F4580EF}" = CrazyTalk Avatar Creator
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = iSlim 320
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{cd8b5019-fd26-4b8e-b3e5-2ca678337a1c}" = Nero 9 Trial
"{CE898A54-E9BB-4F4E-26A6-DBCF9F8DE5A2}" = CCC Help Czech
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{D3795283-6113-42A2-9963-B33C26FB5D24}" = WebMate
"{D801B39E-CE01-409F-8E7C-B7976EA3C9DC}_is1" = Audiosurf
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E31B2CB2-1CE3-EEC9-4FC7-48145D6AD674}" = Catalyst Control Center Core Implementation
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F681E38A-E0EF-21F8-B787-B62332B45555}" = CCC Help Norwegian
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"74713dea" = Contextual Tool Yourprofitclub
"AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disreg~5122E60D_is1" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b421102ce31f2649ef3785f2a17166f" = Adobe Creative Suite 4 Design Premium
"Akamai" = Akamai NetSession Interface
"Alone In The Dark_is1" = Alone In The Dark
"avast5" = avast! Free Antivirus
"BitSpirit_is1" = BitSpirit v3.6.0.330 Stable
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Crazy Machines New from the Lab1.231" = Crazy Machines New from the Lab
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Defcon_is1" = Defcon v1.6
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DFusionWeb" = Total Immersion D'Fusion Web Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Episode 1" = Back to the Future The Game - Episode 1
"ffdshow_is1" = ffdshow [rev 3189] [2010-01-09]
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"ie_Tron_Screensaver_1024x768" = ie_Tron_Screensaver_1024x768
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers(TM) - War for Cybertron(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Basic)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 4.0.1 (x86 cs)" = Mozilla Firefox 4.0.1 (x86 cs)
"Mp3tag" = Mp3tag v2.47b
"OnLive" = OnLive
"OpenAL" = OpenAL
"Opera 11.10.2092" = Opera 11.10
"Postal 2_is1" = Portal 2
"Psi" = Psi (remove only)
"rajče.net_is1" = rajče verze 58 sestavení 205
"rayatitray" = Ray Adams ATI Tray Tools
"RaybanMirror" = Ray-Ban Virtual Mirror
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 11020" = TrackMania Nations Forever
"Steam App 39000" = Moonbase Alpha
"Steam App 50130" = Mafia II
"Steam App 57900" = Duke Nukem Forever
"Stellarium_is1" = Stellarium 0.10.6.1
"Totalcmd" = Total Commander (Remove or Repair)
"Universe Sandbox" = Universe Sandbox
"VLC media player" = VLC media player 1.1.6
"Winamp" = Winamp
"WinASO Registry Optimizer 4.5.3_is1" = WinASO Registry Optimizer 4.5.3
"WinASO Registry Optimizer 4.5.5_is1" = WinASO Registry Optimizer 4.5.5
"WinPcapInst" = WinPcap 4.0.2
"xVideos Video Downloader_is1" = xVideos Video Downloader 3.21
"Zombie Driver" = Zombie Driver 1.0.3
"ZoneAlarm" = ZoneAlarm
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Episode 2" = Back to the Future The Game - Episode 2
"Episode 3" = Back to the Future The Game - Episode 3
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Application Detect
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 2.2.2010 17:56:30 | Computer Name = Lukáš-PC | Source = avast! | ID = 33554522
Description =
Error - 31.3.2010 17:02:56 | Computer Name = Lukáš-PC | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 5.6.2011 12:54:51 | Computer Name = Lukáš-PC | Source = VSS | ID = 8194
Description =
Error - 5.6.2011 17:29:27 | Computer Name = Lukáš-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.
Error - 7.6.2011 8:37:39 | Computer Name = Lukáš-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.
Error - 7.6.2011 14:37:11 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 2.0.1.4120,
časové razítko: 0x4da6a99c Název chybujícího modulu: xul.dll, verze: 2.0.1.4120,
časové razítko: 0x4da6a921 Kód výjimky: 0xc0000005 Posun chyby: 0x009becbc ID chybujícího
procesu: 0x1978 Čas spuštění chybující aplikace: 0x01cc2541dba6179d Cesta k chybující
aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Mozilla Firefox\xul.dll ID zprávy: 2786ebb4-9135-11e0-bb40-0050fca1872d
Error - 8.6.2011 18:46:16 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: sidebar.exe, verze: 6.1.7600.16385, časové
razítko: 0x4a5bc9e1 Název chybujícího modulu: ntdll.dll, verze: 6.1.7600.16695,
časové razítko: 0x4cc7b325 Kód výjimky: 0xc0000374 Posun chyby: 0x00000000000c6ab2
ID
chybujícího procesu: 0xca8 Čas spuštění chybující aplikace: 0x01cc25be16d83a45 Cesta
k chybující aplikaci: C:\Program Files\Windows Sidebar\sidebar.exe Cesta k chybujícímu
modulu: C:\Windows\SYSTEM32\ntdll.dll ID zprávy: 1df8bb0d-9221-11e0-b32e-0050fca1872d
Error - 9.6.2011 15:42:29 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: sidebar.exe, verze: 6.1.7600.16385, časové
razítko: 0x4a5bc9e1 Název chybujícího modulu: ntdll.dll, verze: 6.1.7600.16695,
časové razítko: 0x4cc7b325 Kód výjimky: 0xc0000005 Posun chyby: 0x00000000000316ff
ID
chybujícího procesu: 0xb54 Čas spuštění chybující aplikace: 0x01cc26895b679df8 Cesta
k chybující aplikaci: C:\Program Files\Windows Sidebar\sidebar.exe Cesta k chybujícímu
modulu: C:\Windows\SYSTEM32\ntdll.dll ID zprávy: 9c05d932-92d0-11e0-a3fe-0050fca1872d
Error - 10.6.2011 17:53:07 | Computer Name = Lukáš-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.
Error - 12.6.2011 10:23:15 | Computer Name = Lukáš-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.
Error - 13.6.2011 12:01:04 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 2.0.1.4120,
časové razítko: 0x4da6a99c Název chybujícího modulu: mozalloc.dll, verze: 2.0.1.4120,
časové razítko: 0x4da6994f Kód výjimky: 0x80000003 Posun chyby: 0x00001a39 ID chybujícího
procesu: 0x15a8 Čas spuštění chybující aplikace: 0x01cc29e2f4500b64 Cesta k chybující
aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll ID zprávy: 56d75a62-95d6-11e0-81c0-0050fca1872d
Error - 13.6.2011 12:02:29 | Computer Name = Lukáš-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 2.0.1.4120,
časové razítko: 0x4da6a99c Název chybujícího modulu: xul.dll, verze: 2.0.1.4120,
časové razítko: 0x4da6a921 Kód výjimky: 0xc0000005 Posun chyby: 0x009becbc ID chybujícího
procesu: 0x173c Čas spuštění chybující aplikace: 0x01cc29e32b6abcf6 Cesta k chybující
aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Mozilla Firefox\xul.dll ID zprávy: 89a361d8-95d6-11e0-81c0-0050fca1872d
[ Media Center Events ]
Error - 5.3.2010 15:55:32 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 20:55:32 - Chyba při připojování k Internetu 20:55:32 - Nelze kontaktovat
server..
Error - 5.3.2010 15:56:02 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 20:56:01 - Chyba při připojování k Internetu 20:56:01 - Nelze kontaktovat
server..
Error - 5.3.2010 16:56:34 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 21:56:34 - Chyba při připojování k Internetu 21:56:34 - Nelze kontaktovat
server..
Error - 5.3.2010 16:57:05 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 21:57:04 - Chyba při připojování k Internetu 21:57:04 - Nelze kontaktovat
server..
Error - 6.3.2010 12:00:39 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 17:00:39 - Chyba při připojování k Internetu 17:00:39 - Nelze kontaktovat
server..
Error - 6.3.2010 12:01:14 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 17:01:08 - Chyba při připojování k Internetu 17:01:08 - Nelze kontaktovat
server..
Error - 7.3.2010 11:06:47 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 16:06:47 - Chyba při připojování k Internetu 16:06:47 - Nelze kontaktovat
server..
Error - 7.3.2010 11:07:22 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 16:07:16 - Chyba při připojování k Internetu 16:07:16 - Nelze kontaktovat
server..
Error - 8.3.2010 7:08:20 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 12:08:20 - Chyba při připojování k Internetu 12:08:20 - Nelze kontaktovat
server..
Error - 8.3.2010 7:08:54 | Computer Name = Lukáš-PC | Source = MCUpdate | ID = 0
Description = 12:08:50 - Chyba při připojování k Internetu 12:08:50 - Nelze kontaktovat
server..
[ System Events ]
Error - 14.6.2011 5:19:54 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 14.6.2011 5:36:37 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7031
Description = Služba Akamai NetSession Interface byla nečekaně ukončena. Stalo se
to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat
službu.
Error - 14.6.2011 5:41:38 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 14.6.2011 5:44:37 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 14.6.2011 5:53:00 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: atitray
Error - 14.6.2011 5:53:18 | Computer Name = Lukáš-PC | Source = ipnathlp | ID = 31004
Description =
Error - 14.6.2011 6:00:56 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7031
Description = Služba Akamai NetSession Interface byla nečekaně ukončena. Stalo se
to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat
službu.
Error - 14.6.2011 6:02:16 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7034
Description = Služba SAMSUNG AllShare Service byla neočekávaně ukončena. Tento stav
nastal již 1krát.
Error - 14.6.2011 6:07:38 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 14.6.2011 6:10:34 | Computer Name = Lukáš-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
< End of report >
Re: Napadený firefox
OTL logfile created on: 14.6.2011 12:34:48 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Lukáš\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,02% Memory free
8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,64 Gb Total Space | 128,02 Gb Free Space | 18,32% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 951,05 Gb Free Space | 51,05% Space Free | Partition Type: NTFS
Drive F: | 698,64 Gb Total Space | 147,83 Gb Free Space | 21,16% Space Free | Partition Type: NTFS
Drive G: | 931,50 Gb Total Space | 36,27 Gb Free Space | 3,89% Space Free | Partition Type: NTFS
Computer Name: LUKÁŠ-PC | User Name: Lukáš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.06.14 12:32:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lukáš\Desktop\OTL.exe
PRC - [2011.05.25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.01.30 17:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.01.13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.06.05 13:22:24 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009.12.15 07:17:40 | 000,658,432 | ---- | M] (Ray Adams) -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2009.11.26 17:45:54 | 000,361,976 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
PRC - [2009.11.26 17:44:46 | 005,129,128 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
========== Modules (SafeList) ==========
MOD - [2011.06.14 12:32:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lukáš\Desktop\OTL.exe
MOD - [2011.01.20 10:42:54 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.12.14 12:12:00 | 000,187,904 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\raphook.dll
MOD - [2009.06.10 23:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.01.13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.01.26 18:27:05 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.11.25 05:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.05.18 09:05:10 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011.04.16 11:15:59 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.07.16 18:23:30 | 006,638,080 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.06.23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.05 13:22:24 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.03.22 15:53:24 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.26 18:25:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.26 17:47:06 | 000,894,480 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.15 10:06:12 | 002,233,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 10:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.12.22 16:08:50 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.08.03 16:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.06.05 13:22:25 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.06.05 13:22:23 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.06.05 13:22:16 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.06.05 13:22:07 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009.12.23 23:43:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.25 05:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) Protokol RMP (Reliable Multicast Protocol)
DRV:64bit: - [2009.06.27 18:30:24 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gHidPnp.sys -- (gHidPnp)
DRV:64bit: - [2009.06.25 18:03:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gMouUsb.sys -- (gMouUsb)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.03.31 17:42:48 | 000,614,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2007.11.06 22:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2007.03.19 17:02:32 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.12.23 15:25:30 | 000,021,504 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys -- (atitray)
DRV - [2009.08.22 20:25:00 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 87 3C BE DC 37 CB 01 [binary data]
IE - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: support@mask-myip.com:1.0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.12.23 23:30:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.07 20:04:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.19 21:31:44 | 000,000,000 | ---D | M]
[2010.08.20 18:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Extensions
[2010.08.20 18:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2011.05.12 17:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions
[2011.03.13 11:52:12 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011.03.13 11:52:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.02 18:19:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.09.17 16:56:13 | 000,000,000 | ---D | M] (ÄŚeskĂ© slovnĂky pro kontrolu pravopisu) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\cs@dictionaries.addons.mozilla.org
[2011.02.23 12:19:58 | 000,000,000 | ---D | M] (Mask My IP) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\support@mask-myip.com
[2009.12.31 01:45:10 | 000,000,938 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\facebook.xml
[2011.06.07 22:32:27 | 000,004,873 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\isohunt---bt-search.xml
[2009.12.30 20:32:06 | 000,001,699 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\sfd.xml
[2010.02.15 19:17:21 | 000,001,605 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\the-pirate-bay.xml
[2010.10.01 20:00:37 | 000,001,330 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\wikipedia-en.xml
[2011.06.07 20:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.06.05 19:12:46 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{340a53da-0352-65e9-323d-9a1c6325586f}
[2010.08.31 17:55:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.23 23:04:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.04 18:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.03 14:16:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 10:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.19 11:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\CS@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\CHANGE-SEARCH-SHORTCUT@SKAGON.COM.XPI
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\SUPPORT@MASK-MYIP.COM
[2011.04.14 18:38:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.06.04 02:48:28 | 001,298,432 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\nptidfusionplugin.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.06.14 11:19:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Služba Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000..\Run: [AtiTrayTools] C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files (x86)\BitSpirit\bsurl.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} http://www.weareautobots.com/ww/plugin/ ... taller.exe (CDFusionActiveXCtl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.iamironman2.com/plugin/DFusi ... taller.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2011.06.14 12:32:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lukáš\Desktop\OTL.exe
[2011.06.14 11:19:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.14 11:09:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.14 11:09:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.14 11:09:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.14 11:09:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.14 11:09:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.14 11:04:06 | 004,121,321 | R--- | C] (Swearware) -- C:\Users\Lukáš\Desktop\ComboFix.exe
[2011.06.11 12:48:39 | 000,000,000 | ---D | C] -- C:\Users\Lukáš\Documents\Duke Nukem Forever
[2011.06.08 15:13:51 | 000,000,000 | ---D | C] -- C:\Users\Lukáš\AppData\Roaming\Ubisoft
[2011.06.08 15:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.06.14 12:32:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lukáš\Desktop\OTL.exe
[2011.06.14 12:00:05 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 12:00:05 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 11:53:07 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011.06.14 11:53:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.14 11:53:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.14 11:52:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.14 11:51:55 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.14 11:19:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.06.14 11:05:04 | 004,121,321 | R--- | M] (Swearware) -- C:\Users\Lukáš\Desktop\ComboFix.exe
[2011.06.14 11:03:57 | 001,007,120 | ---- | M] () -- C:\Users\Lukáš\Desktop\rkill.com
[2011.06.14 10:56:24 | 000,029,124 | ---- | M] () -- C:\Users\Lukáš\Desktop\Výstřižek.JPG
[2011.06.11 10:54:07 | 000,000,221 | ---- | M] () -- C:\Users\Lukáš\Desktop\Duke Nukem Forever.url
[2011.06.08 17:11:11 | 000,002,401 | ---- | M] () -- C:\Users\Lukáš\Desktop\Google Chrome.lnk
[2011.06.08 11:26:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.06.14 11:09:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.14 11:09:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.14 11:09:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.14 11:09:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.14 11:09:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.14 11:03:38 | 001,007,120 | ---- | C] () -- C:\Users\Lukáš\Desktop\rkill.com
[2011.06.14 10:56:24 | 000,029,124 | ---- | C] () -- C:\Users\Lukáš\Desktop\Výstřižek.JPG
[2011.06.11 10:54:07 | 000,000,221 | ---- | C] () -- C:\Users\Lukáš\Desktop\Duke Nukem Forever.url
[2011.06.07 20:04:56 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.27 16:30:13 | 000,000,091 | ---- | C] () -- C:\Windows\night.ini
[2011.04.18 17:43:32 | 001,541,880 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.31 15:32:08 | 000,000,184 | ---- | C] () -- C:\Users\Lukáš\AppData\Roaming\974fc1c4.dat
[2011.01.22 15:06:40 | 000,001,901 | ---- | C] () -- C:\Windows\panose.bin
[2011.01.22 15:02:54 | 000,042,483 | ---- | C] () -- C:\Windows\ICCCODES.DAT
[2011.01.22 15:02:54 | 000,039,095 | ---- | C] () -- C:\Windows\Iccsigs.dat
[2011.01.22 15:02:54 | 000,000,156 | ---- | C] () -- C:\Windows\KPCMS.INI
[2011.01.22 15:02:42 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2010.08.07 19:02:56 | 000,000,058 | ---- | C] () -- C:\Windows\RegDefrag.ini
[2010.04.09 20:53:50 | 000,003,584 | ---- | C] () -- C:\Users\Lukáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.09 15:31:51 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.01 19:55:19 | 000,000,080 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.01.01 19:48:52 | 000,001,978 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2009.12.23 20:13:15 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.12.22 19:34:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.11.06 22:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
========== LOP Check ==========
[2011.05.19 10:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\.minecraft
[2011.01.04 14:21:38 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Acronis
[2011.03.22 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\AnvSoft
[2009.12.28 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\BitSpirit
[2010.11.17 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\com.adobe.ExMan
[2010.03.24 21:17:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\cYo
[2009.12.24 11:46:41 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\DAEMON Tools Lite
[2010.01.16 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Fit3DLive
[2009.12.23 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\GHISLER
[2010.12.26 22:38:35 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\gnupg
[2011.05.14 00:44:06 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\ICQ
[2011.03.01 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\IPSnooper
[2010.07.04 10:16:36 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\JPEGsnoop
[2011.02.23 12:18:19 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\MaskMyIP
[2010.01.09 15:29:59 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Media Control
[2011.01.12 00:50:26 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Mp3tag
[2011.05.12 17:48:25 | 000,000,000 | -HSD | M] -- C:\Users\Lukáš\AppData\Roaming\ms-drivers
[2010.10.04 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\OnLive App
[2010.08.20 18:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\OpenVPN Technologies
[2010.01.16 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Opera
[2011.01.07 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Rovio
[2010.05.28 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Stellarium
[2011.02.18 04:50:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\System
[2011.02.27 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\The Creative Assembly
[2010.01.16 15:19:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Total Immersion
[2011.06.08 15:13:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Ubisoft
[2010.02.11 19:52:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Unity
[2011.02.22 17:21:13 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Wireshark
[2011.05.05 22:11:05 | 000,000,000 | -HSD | M] -- C:\Users\Lukáš\AppData\Roaming\wyUpdate AU
[2011.03.04 15:10:18 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AtiTrayTools" = "C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" -- [2009.12.15 07:17:40 | 000,658,432 | ---- | M] (Ray Adams)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.05.19 10:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\.minecraft
[2011.01.04 14:21:38 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Acronis
[2010.01.27 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Adobe
[2011.03.22 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\AnvSoft
[2009.12.22 19:50:22 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\ATI
[2009.12.23 15:28:00 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\atitray
[2009.12.28 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\BitSpirit
[2010.11.17 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\com.adobe.ExMan
[2010.01.15 22:54:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\CyberLink
[2010.03.24 21:17:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\cYo
[2009.12.24 11:46:41 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\DAEMON Tools Lite
[2010.12.27 14:54:13 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Download Manager
[2010.07.04 00:09:21 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\dvdcss
[2010.01.16 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Fit3DLive
[2009.12.23 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\GHISLER
[2010.12.26 22:38:35 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\gnupg
[2010.11.28 16:10:47 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Google
[2011.05.14 00:44:06 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\ICQ
[2009.12.22 19:43:36 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Identities
[2009.12.23 17:40:03 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\InstallShield
[2011.03.01 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\IPSnooper
[2010.07.04 10:16:36 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\JPEGsnoop
[2009.12.22 19:45:04 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Macromedia
[2011.02.23 12:18:19 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\MaskMyIP
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Media Center Programs
[2010.01.09 15:29:59 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Media Control
[2010.11.16 19:33:02 | 000,000,000 | --SD | M] -- C:\Users\Lukáš\AppData\Roaming\Microsoft
[2009.12.22 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Mozilla
[2011.01.12 00:50:26 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Mp3tag
[2011.05.12 17:48:25 | 000,000,000 | -HSD | M] -- C:\Users\Lukáš\AppData\Roaming\ms-drivers
[2010.01.15 22:36:42 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Nero
[2010.10.04 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\OnLive App
[2010.08.20 18:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\OpenVPN Technologies
[2010.01.16 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Opera
[2010.01.01 19:41:11 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Reallusion
[2011.01.07 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Rovio
[2010.12.26 22:51:30 | 000,000,000 | RH-D | M] -- C:\Users\Lukáš\AppData\Roaming\SecuROM
[2010.05.28 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Stellarium
[2011.02.18 04:50:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\System
[2011.02.27 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\The Creative Assembly
[2010.01.16 15:19:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Total Immersion
[2011.06.08 15:13:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Ubisoft
[2010.02.11 19:52:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Unity
[2011.05.31 12:36:04 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\vlc
[2011.04.04 01:40:16 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Winamp
[2009.12.23 23:46:05 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\WinRAR
[2011.02.22 17:21:13 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Wireshark
[2011.05.05 22:11:05 | 000,000,000 | -HSD | M] -- C:\Users\Lukáš\AppData\Roaming\wyUpdate AU
< %APPDATA%\*.exe /s >
[2009.12.22 19:49:53 | 000,010,134 | R--- | M] () -- C:\Users\Lukáš\AppData\Roaming\Microsoft\Installer\{5DC2889B-AF01-3494-38CA-37BBDB1D9F39}\ARPPRODUCTICON.exe
[2010.07.11 00:50:59 | 000,010,134 | R--- | M] () -- C:\Users\Lukáš\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2010.03.22 15:53:24 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: AHCIX86S.SYS >
[2009.12.23 18:25:47 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Lukáš\Downloads\RAID_SB6xx_Win7\32\ahcix86s.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\ERDNT\cache64\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache86\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: IASTORV.SYS >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\ERDNT\cache64\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\ERDNT\cache64\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2011.03.11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\drivers\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011.03.11 08:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.04.09 13:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\ERDNT\cache64\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2010.04.09 09:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\ERDNT\cache64\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache86\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011.06.14 11:52:50 | 029,835,115 | ---- | M] () -- C:\Windows\SysWOW64\http_ss.log
[2011.06.14 11:52:43 | 000,000,074 | ---- | M] () -- C:\Windows\SysWOW64\log.log
========== Files - Unicode (All) ==========
[2010.06.11 19:39:58 | 000,000,000 | ---D | M](C:\Users\Luk?a\AppData\Roaming\Total Immersion) -- C:\Users\Luk£a\AppData\Roaming\Total Immersion
========== Alternate Data Streams ==========
@Alternate Data Stream - 278 bytes -> C:\Users\Lukáš\Desktop\bsg-exodus-rules.pdf:ComicRackInfo
@Alternate Data Stream - 276 bytes -> C:\Users\Lukáš\Desktop\CENIK_RAINLINE_07_10-web.pdf:ComicRackInfo
@Alternate Data Stream - 275 bytes -> C:\Users\Lukáš\Desktop\ceník - okapy.pdf:ComicRackInfo
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8331D35A
< End of report >
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Lukáš\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,02% Memory free
8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,64 Gb Total Space | 128,02 Gb Free Space | 18,32% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 951,05 Gb Free Space | 51,05% Space Free | Partition Type: NTFS
Drive F: | 698,64 Gb Total Space | 147,83 Gb Free Space | 21,16% Space Free | Partition Type: NTFS
Drive G: | 931,50 Gb Total Space | 36,27 Gb Free Space | 3,89% Space Free | Partition Type: NTFS
Computer Name: LUKÁŠ-PC | User Name: Lukáš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.06.14 12:32:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lukáš\Desktop\OTL.exe
PRC - [2011.05.25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.01.30 17:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.01.13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.06.05 13:22:24 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009.12.15 07:17:40 | 000,658,432 | ---- | M] (Ray Adams) -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2009.11.26 17:45:54 | 000,361,976 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
PRC - [2009.11.26 17:44:46 | 005,129,128 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
========== Modules (SafeList) ==========
MOD - [2011.06.14 12:32:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lukáš\Desktop\OTL.exe
MOD - [2011.01.20 10:42:54 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.12.14 12:12:00 | 000,187,904 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\raphook.dll
MOD - [2009.06.10 23:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.01.13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.01.26 18:27:05 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.11.25 05:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.05.18 09:05:10 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011.04.16 11:15:59 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.07.16 18:23:30 | 006,638,080 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.06.23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.05 13:22:24 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.03.22 15:53:24 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.26 18:25:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.26 17:47:06 | 000,894,480 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.15 10:06:12 | 002,233,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 10:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.12.22 16:08:50 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.08.03 16:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.06.05 13:22:25 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.06.05 13:22:23 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.06.05 13:22:16 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.06.05 13:22:07 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009.12.23 23:43:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.25 05:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) Protokol RMP (Reliable Multicast Protocol)
DRV:64bit: - [2009.06.27 18:30:24 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gHidPnp.sys -- (gHidPnp)
DRV:64bit: - [2009.06.25 18:03:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gMouUsb.sys -- (gMouUsb)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.03.31 17:42:48 | 000,614,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2007.11.06 22:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2007.03.19 17:02:32 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.12.23 15:25:30 | 000,021,504 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys -- (atitray)
DRV - [2009.08.22 20:25:00 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 87 3C BE DC 37 CB 01 [binary data]
IE - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: support@mask-myip.com:1.0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.12.23 23:30:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.07 20:04:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.19 21:31:44 | 000,000,000 | ---D | M]
[2010.08.20 18:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Extensions
[2010.08.20 18:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2011.05.12 17:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions
[2011.03.13 11:52:12 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011.03.13 11:52:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.02 18:19:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.09.17 16:56:13 | 000,000,000 | ---D | M] (ÄŚeskĂ© slovnĂky pro kontrolu pravopisu) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\cs@dictionaries.addons.mozilla.org
[2011.02.23 12:19:58 | 000,000,000 | ---D | M] (Mask My IP) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\support@mask-myip.com
[2009.12.31 01:45:10 | 000,000,938 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\facebook.xml
[2011.06.07 22:32:27 | 000,004,873 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\isohunt---bt-search.xml
[2009.12.30 20:32:06 | 000,001,699 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\sfd.xml
[2010.02.15 19:17:21 | 000,001,605 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\the-pirate-bay.xml
[2010.10.01 20:00:37 | 000,001,330 | ---- | M] () -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\searchplugins\wikipedia-en.xml
[2011.06.07 20:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.06.05 19:12:46 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{340a53da-0352-65e9-323d-9a1c6325586f}
[2010.08.31 17:55:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.23 23:04:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.04 18:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.03 14:16:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 10:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.19 11:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\CS@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\CHANGE-SEARCH-SHORTCUT@SKAGON.COM.XPI
File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\SUPPORT@MASK-MYIP.COM
[2011.04.14 18:38:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.06.04 02:48:28 | 001,298,432 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\nptidfusionplugin.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.06.14 11:19:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Služba Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000..\Run: [AtiTrayTools] C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files (x86)\BitSpirit\bsurl.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} http://www.weareautobots.com/ww/plugin/ ... taller.exe (CDFusionActiveXCtl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.iamironman2.com/plugin/DFusi ... taller.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2011.06.14 12:32:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lukáš\Desktop\OTL.exe
[2011.06.14 11:19:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.14 11:09:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.14 11:09:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.14 11:09:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.14 11:09:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.14 11:09:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.14 11:04:06 | 004,121,321 | R--- | C] (Swearware) -- C:\Users\Lukáš\Desktop\ComboFix.exe
[2011.06.11 12:48:39 | 000,000,000 | ---D | C] -- C:\Users\Lukáš\Documents\Duke Nukem Forever
[2011.06.08 15:13:51 | 000,000,000 | ---D | C] -- C:\Users\Lukáš\AppData\Roaming\Ubisoft
[2011.06.08 15:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.06.14 12:32:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lukáš\Desktop\OTL.exe
[2011.06.14 12:00:05 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 12:00:05 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 11:53:07 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011.06.14 11:53:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.14 11:53:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.14 11:52:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.14 11:51:55 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.14 11:19:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.06.14 11:05:04 | 004,121,321 | R--- | M] (Swearware) -- C:\Users\Lukáš\Desktop\ComboFix.exe
[2011.06.14 11:03:57 | 001,007,120 | ---- | M] () -- C:\Users\Lukáš\Desktop\rkill.com
[2011.06.14 10:56:24 | 000,029,124 | ---- | M] () -- C:\Users\Lukáš\Desktop\Výstřižek.JPG
[2011.06.11 10:54:07 | 000,000,221 | ---- | M] () -- C:\Users\Lukáš\Desktop\Duke Nukem Forever.url
[2011.06.08 17:11:11 | 000,002,401 | ---- | M] () -- C:\Users\Lukáš\Desktop\Google Chrome.lnk
[2011.06.08 11:26:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.06.14 11:09:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.14 11:09:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.14 11:09:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.14 11:09:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.14 11:09:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.14 11:03:38 | 001,007,120 | ---- | C] () -- C:\Users\Lukáš\Desktop\rkill.com
[2011.06.14 10:56:24 | 000,029,124 | ---- | C] () -- C:\Users\Lukáš\Desktop\Výstřižek.JPG
[2011.06.11 10:54:07 | 000,000,221 | ---- | C] () -- C:\Users\Lukáš\Desktop\Duke Nukem Forever.url
[2011.06.07 20:04:56 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.27 16:30:13 | 000,000,091 | ---- | C] () -- C:\Windows\night.ini
[2011.04.18 17:43:32 | 001,541,880 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.31 15:32:08 | 000,000,184 | ---- | C] () -- C:\Users\Lukáš\AppData\Roaming\974fc1c4.dat
[2011.01.22 15:06:40 | 000,001,901 | ---- | C] () -- C:\Windows\panose.bin
[2011.01.22 15:02:54 | 000,042,483 | ---- | C] () -- C:\Windows\ICCCODES.DAT
[2011.01.22 15:02:54 | 000,039,095 | ---- | C] () -- C:\Windows\Iccsigs.dat
[2011.01.22 15:02:54 | 000,000,156 | ---- | C] () -- C:\Windows\KPCMS.INI
[2011.01.22 15:02:42 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2010.08.07 19:02:56 | 000,000,058 | ---- | C] () -- C:\Windows\RegDefrag.ini
[2010.04.09 20:53:50 | 000,003,584 | ---- | C] () -- C:\Users\Lukáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.09 15:31:51 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.01 19:55:19 | 000,000,080 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.01.01 19:48:52 | 000,001,978 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2009.12.23 20:13:15 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.12.22 19:34:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.11.06 22:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
========== LOP Check ==========
[2011.05.19 10:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\.minecraft
[2011.01.04 14:21:38 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Acronis
[2011.03.22 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\AnvSoft
[2009.12.28 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\BitSpirit
[2010.11.17 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\com.adobe.ExMan
[2010.03.24 21:17:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\cYo
[2009.12.24 11:46:41 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\DAEMON Tools Lite
[2010.01.16 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Fit3DLive
[2009.12.23 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\GHISLER
[2010.12.26 22:38:35 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\gnupg
[2011.05.14 00:44:06 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\ICQ
[2011.03.01 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\IPSnooper
[2010.07.04 10:16:36 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\JPEGsnoop
[2011.02.23 12:18:19 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\MaskMyIP
[2010.01.09 15:29:59 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Media Control
[2011.01.12 00:50:26 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Mp3tag
[2011.05.12 17:48:25 | 000,000,000 | -HSD | M] -- C:\Users\Lukáš\AppData\Roaming\ms-drivers
[2010.10.04 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\OnLive App
[2010.08.20 18:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\OpenVPN Technologies
[2010.01.16 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Opera
[2011.01.07 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Rovio
[2010.05.28 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Stellarium
[2011.02.18 04:50:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\System
[2011.02.27 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\The Creative Assembly
[2010.01.16 15:19:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Total Immersion
[2011.06.08 15:13:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Ubisoft
[2010.02.11 19:52:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Unity
[2011.02.22 17:21:13 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Wireshark
[2011.05.05 22:11:05 | 000,000,000 | -HSD | M] -- C:\Users\Lukáš\AppData\Roaming\wyUpdate AU
[2011.03.04 15:10:18 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AtiTrayTools" = "C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" -- [2009.12.15 07:17:40 | 000,658,432 | ---- | M] (Ray Adams)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.05.19 10:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\.minecraft
[2011.01.04 14:21:38 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Acronis
[2010.01.27 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Adobe
[2011.03.22 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\AnvSoft
[2009.12.22 19:50:22 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\ATI
[2009.12.23 15:28:00 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\atitray
[2009.12.28 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\BitSpirit
[2010.11.17 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\com.adobe.ExMan
[2010.01.15 22:54:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\CyberLink
[2010.03.24 21:17:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\cYo
[2009.12.24 11:46:41 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\DAEMON Tools Lite
[2010.12.27 14:54:13 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Download Manager
[2010.07.04 00:09:21 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\dvdcss
[2010.01.16 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Fit3DLive
[2009.12.23 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\GHISLER
[2010.12.26 22:38:35 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\gnupg
[2010.11.28 16:10:47 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Google
[2011.05.14 00:44:06 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\ICQ
[2009.12.22 19:43:36 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Identities
[2009.12.23 17:40:03 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\InstallShield
[2011.03.01 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\IPSnooper
[2010.07.04 10:16:36 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\JPEGsnoop
[2009.12.22 19:45:04 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Macromedia
[2011.02.23 12:18:19 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\MaskMyIP
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Media Center Programs
[2010.01.09 15:29:59 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Media Control
[2010.11.16 19:33:02 | 000,000,000 | --SD | M] -- C:\Users\Lukáš\AppData\Roaming\Microsoft
[2009.12.22 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Mozilla
[2011.01.12 00:50:26 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Mp3tag
[2011.05.12 17:48:25 | 000,000,000 | -HSD | M] -- C:\Users\Lukáš\AppData\Roaming\ms-drivers
[2010.01.15 22:36:42 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Nero
[2010.10.04 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\OnLive App
[2010.08.20 18:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\OpenVPN Technologies
[2010.01.16 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Opera
[2010.01.01 19:41:11 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Reallusion
[2011.01.07 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Rovio
[2010.12.26 22:51:30 | 000,000,000 | RH-D | M] -- C:\Users\Lukáš\AppData\Roaming\SecuROM
[2010.05.28 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Stellarium
[2011.02.18 04:50:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\System
[2011.02.27 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\The Creative Assembly
[2010.01.16 15:19:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Total Immersion
[2011.06.08 15:13:51 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Ubisoft
[2010.02.11 19:52:09 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Unity
[2011.05.31 12:36:04 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\vlc
[2011.04.04 01:40:16 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Winamp
[2009.12.23 23:46:05 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\WinRAR
[2011.02.22 17:21:13 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Wireshark
[2011.05.05 22:11:05 | 000,000,000 | -HSD | M] -- C:\Users\Lukáš\AppData\Roaming\wyUpdate AU
< %APPDATA%\*.exe /s >
[2009.12.22 19:49:53 | 000,010,134 | R--- | M] () -- C:\Users\Lukáš\AppData\Roaming\Microsoft\Installer\{5DC2889B-AF01-3494-38CA-37BBDB1D9F39}\ARPPRODUCTICON.exe
[2010.07.11 00:50:59 | 000,010,134 | R--- | M] () -- C:\Users\Lukáš\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2010.03.22 15:53:24 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\iey3hfy3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: AHCIX86S.SYS >
[2009.12.23 18:25:47 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Lukáš\Downloads\RAID_SB6xx_Win7\32\ahcix86s.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\ERDNT\cache64\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache86\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: IASTORV.SYS >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\ERDNT\cache64\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\ERDNT\cache64\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2011.03.11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\drivers\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011.03.11 08:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.04.09 13:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\ERDNT\cache64\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2010.04.09 09:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\ERDNT\cache64\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache86\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011.06.14 11:52:50 | 029,835,115 | ---- | M] () -- C:\Windows\SysWOW64\http_ss.log
[2011.06.14 11:52:43 | 000,000,074 | ---- | M] () -- C:\Windows\SysWOW64\log.log
========== Files - Unicode (All) ==========
[2010.06.11 19:39:58 | 000,000,000 | ---D | M](C:\Users\Luk?a\AppData\Roaming\Total Immersion) -- C:\Users\Luk£a\AppData\Roaming\Total Immersion
========== Alternate Data Streams ==========
@Alternate Data Stream - 278 bytes -> C:\Users\Lukáš\Desktop\bsg-exodus-rules.pdf:ComicRackInfo
@Alternate Data Stream - 276 bytes -> C:\Users\Lukáš\Desktop\CENIK_RAINLINE_07_10-web.pdf:ComicRackInfo
@Alternate Data Stream - 275 bytes -> C:\Users\Lukáš\Desktop\ceník - okapy.pdf:ComicRackInfo
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8331D35A
< End of report >
Re: Napadený firefox
Spustte znovu OTL
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
:otl IE - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 87 3C BE DC 37 CB 01 [binary data] File not found (No name found) -- File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE} File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389} File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\CS@DICTIONARIES.ADDONS.MOZILLA.ORG File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\CHANGE-SEARCH-SHORTCUT@SKAGON.COM.XPI File not found (No name found) -- C:\USERS\LUKáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IEY3HFY3.DEFAULT\EXTENSIONS\SUPPORT@MASK-MYIP.COM FF - prefs.js..extensions.enabledItems: support@mask-myip.com:1.0 [2011.02.23 12:19:58 | 000,000,000 | ---D | M] (Mask My IP) -- C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\support@mask-myip.com O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3:64bit: - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] @Alternate Data Stream - 278 bytes -> C:\Users\Lukáš\Desktop\bsg-exodus-rules.pdf:ComicRackInfo @Alternate Data Stream - 276 bytes -> C:\Users\Lukáš\Desktop\CENIK_RAINLINE_07_10-web.pdf:ComicRackInfo @Alternate Data Stream - 275 bytes -> C:\Users\Lukáš\Desktop\ceník - okapy.pdf:ComicRackInfo @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8331D35A :services Akamai DRIVER_B gupdate gupdatem :reg [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=- "RemoteControl"=- "LanguageShortcut"=- "Adobe ARM"=- "Adobe Acrobat Speed Launcher"=- "Acrobat Assistant 8.0"=- "Adobe Reader Speed Launcher"=- "SunJavaUpdateSched"=- "AdobeCS4ServiceManager"=- :files C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000UA.job C:\Program Files (x86)\DAEMON Tools Toolbar %windir%\system32\*.tmp.dll /s %windir%\system32\SET*.tmp /s %windir%\*.tmp :commands [RESETHOSTS] [EMPTYTEMP] [EMPTYFLASH]- Nasledne kliknete na Opravit
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Napadený firefox
All processes killed
========== OTL ==========
HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: support@mask-myip.com:1.0 removed from extensions.enabledItems
C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\support@mask-myip.com\chrome folder moved successfully.
C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\support@mask-myip.com folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseData.ini deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP folder deleted successfully.
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.
C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
ADS C:\Users\Lukáš\Desktop\bsg-exodus-rules.pdf:ComicRackInfo deleted successfully.
ADS C:\Users\Lukáš\Desktop\CENIK_RAINLINE_07_10-web.pdf:ComicRackInfo deleted successfully.
ADS C:\Users\Lukáš\Desktop\ceník - okapy.pdf:ComicRackInfo deleted successfully.
ADS C:\ProgramData\TEMP:8331D35A deleted successfully.
========== SERVICES/DRIVERS ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
Service DRIVER_B stopped successfully!
Service\Driver key DRIVER_B not found.
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\LanguageShortcut deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS4ServiceManager deleted successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File\Folder C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000Core.job not found.
File\Folder C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000UA.job not found.
C:\Program Files (x86)\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: EWJ
->Temp folder emptied: 0 bytes
User: Games
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 678 bytes
User: Lukáš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 120300306 bytes
->Java cache emptied: 6442993 bytes
->FireFox cache emptied: 59797351 bytes
->Google Chrome cache emptied: 360611870 bytes
->Opera cache emptied: 15374959 bytes
->Flash cache emptied: 295371 bytes
User: Luk£a
->Temp folder emptied: 0 bytes
User: Luk£Wᆪsaves
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67978 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 537,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: EWJ
User: Games
->Flash cache emptied: 0 bytes
User: Lukáš
->Flash cache emptied: 0 bytes
User: Luk£a
User: Luk£Wᆪsaves
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.24.0 log created on 06142011_135053
Files\Folders moved on Reboot...
C:\Users\Lukáš\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
========== OTL ==========
HKU\S-1-5-21-4232700249-3018015274-2546475948-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: support@mask-myip.com:1.0 removed from extensions.enabledItems
C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\support@mask-myip.com\chrome folder moved successfully.
C:\Users\Lukáš\AppData\Roaming\mozilla\Firefox\Profiles\iey3hfy3.default\extensions\support@mask-myip.com folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-4232700249-3018015274-2546475948-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseData.ini deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP folder deleted successfully.
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.
C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
ADS C:\Users\Lukáš\Desktop\bsg-exodus-rules.pdf:ComicRackInfo deleted successfully.
ADS C:\Users\Lukáš\Desktop\CENIK_RAINLINE_07_10-web.pdf:ComicRackInfo deleted successfully.
ADS C:\Users\Lukáš\Desktop\ceník - okapy.pdf:ComicRackInfo deleted successfully.
ADS C:\ProgramData\TEMP:8331D35A deleted successfully.
========== SERVICES/DRIVERS ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
Service DRIVER_B stopped successfully!
Service\Driver key DRIVER_B not found.
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\LanguageShortcut deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS4ServiceManager deleted successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File\Folder C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000Core.job not found.
File\Folder C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232700249-3018015274-2546475948-1000UA.job not found.
C:\Program Files (x86)\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: EWJ
->Temp folder emptied: 0 bytes
User: Games
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 678 bytes
User: Lukáš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 120300306 bytes
->Java cache emptied: 6442993 bytes
->FireFox cache emptied: 59797351 bytes
->Google Chrome cache emptied: 360611870 bytes
->Opera cache emptied: 15374959 bytes
->Flash cache emptied: 295371 bytes
User: Luk£a
->Temp folder emptied: 0 bytes
User: Luk£Wᆪsaves
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67978 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 537,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: EWJ
User: Games
->Flash cache emptied: 0 bytes
User: Lukáš
->Flash cache emptied: 0 bytes
User: Luk£a
User: Luk£Wᆪsaves
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.24.0 log created on 06142011_135053
Files\Folders moved on Reboot...
C:\Users\Lukáš\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Re: Napadený firefox
Jak se chova PC
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Napadený firefox
Zatím je vše v pořádku. Děkuji za pomoc. 
Re: Napadený firefox
Odinstalujte Combofix
- Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
- Napiste ComboFix /Uninstall
- Stisknete Enter
- Tohle smaze Combofix a jeho slozky
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner (viz muj podpis)Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
A pokud nejsou problemy ci dotazy,je to z me strany vse 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?