Re: Blue Screen of Death

Posted: 05 Feb 2012 10:08
by karlospatmat
Bluetooth wasn't working for me at all (the original one) and I wanted to reinstall it, but my CD/DVD-RAM drive doesn't work, as I pointed out at the beginning. So I tried copying the contents of the installation CD to a flash drive and running a repair install from that. At first it reported some error while saving, but in the end it worked. :) So I now have the original version I had before, the one that was causing the BSOD, but the driver version is 2011, so hopefully things will be quiet now.

Re: Blue Screen of Death

Posted: 05 Feb 2012 10:40
by karlospatmat
ComboFix 12-02-05.02 - Martin 05.02.2012 10:15:05.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4061.2399 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-05 do 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-04 23:40 . 2007-05-11 02:12 38160 ----a-w- c:\windows\system32\drivers\blueletaudio.sys
2012-02-04 23:40 . 2007-03-05 04:48 37648 ----a-w- c:\windows\system32\drivers\BlueletSCOAudio.sys
2012-02-04 23:40 . 2007-03-05 04:47 25360 ----a-w- c:\windows\system32\drivers\BtNetDrv.sys
2012-02-04 23:40 . 2007-03-05 04:44 23184 ----a-w- c:\windows\system32\drivers\VHIDMini.sys
2012-02-04 23:40 . 2007-03-05 04:42 49680 ----a-w- c:\windows\system32\drivers\BTHidMgr.sys
2012-02-04 23:40 . 2007-03-05 04:41 24976 ----a-w- c:\windows\system32\drivers\VBTEnum.sys
2012-02-04 23:40 . 2007-03-05 04:39 63248 ----a-w- c:\windows\system32\drivers\VcommMgr.sys
2012-02-04 23:40 . 2007-03-05 04:38 47120 ----a-w- c:\windows\system32\drivers\VComm.sys
2012-02-04 23:40 . 2006-10-08 23:29 32832 ----a-w- c:\windows\system32\drivers\BTNetFilter.sys
2012-02-04 23:29 . 2012-02-04 23:33 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-02-04 22:15 . 2012-02-04 23:39 -------- d-----w- c:\program files (x86)\IVT Corporation
2012-02-04 19:47 . 2012-02-04 19:47 -------- d-----w- c:\program files (x86)\Clear History
2012-02-04 10:01 . 2012-02-04 10:26 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-02-04 10:01 . 2012-02-04 17:37 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-03 12:15 . 2012-02-03 12:15 -------- d-----w- c:\windows\SysWow64\ivtMobCache
2012-02-03 11:07 . 2012-02-04 17:37 -------- d-----w- C:\Uninstall
2012-02-03 10:08 . 2008-05-07 06:39 66560 ----a-w- c:\windows\system32\nmwcdclsx64.dll
2012-02-03 10:08 . 2008-08-28 11:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-02-02 20:05 . 2012-02-02 20:05 -------- d-----w- c:\program files (x86)\Nokia
2012-02-02 20:05 . 2012-02-02 20:05 -------- d-----w- c:\program files\DIFX
2012-02-02 20:04 . 2012-02-04 17:37 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-02-02 20:04 . 2012-02-02 20:04 -------- d-----w- c:\programdata\Installations
2012-02-02 16:42 . 2012-02-02 16:42 -------- d-----w- C:\$AVG
2012-02-02 16:32 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-02-02 16:32 . 2012-02-02 16:32 -------- d-----w- c:\programdata\Malwarebytes
2012-02-02 16:32 . 2012-02-04 23:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-02 16:32 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 16:21 . 2011-10-17 14:55 559384 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-02-01 10:54 . 2012-02-01 10:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-01 10:54 . 2012-02-01 10:54 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-31 09:32 . 2012-01-31 09:32 -------- d-----w- c:\program files (x86)\JAM Software
2012-01-30 18:04 . 2012-02-02 23:42 -------- d-----w- c:\windows\system32\appmgmt
2012-01-30 13:10 . 2012-02-04 17:37 -------- d-----w- c:\program files (x86)\ExpressFiles
2012-01-29 22:11 . 2012-01-29 22:11 -------- d-----w- c:\program files (x86)\Nová složka
2012-01-29 22:04 . 2012-01-30 18:27 -------- d-----w- c:\program files (x86)\Innovative Solutions
2012-01-29 21:40 . 2012-01-29 21:40 -------- d-----w- c:\programdata\Innovative Solutions
2012-01-29 21:28 . 2011-10-13 11:10 90112 ----a-w- c:\windows\system32\igfxCoIn_v2555.dll
2012-01-29 21:28 . 2011-10-13 10:30 208896 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-01-29 21:28 . 2011-10-13 10:30 206336 ----a-w- c:\windows\system32\iglhsip64.dll
2012-01-29 21:28 . 2011-10-13 10:30 188416 ----a-w- c:\windows\system32\iglhcp64.dll
2012-01-29 21:28 . 2011-10-13 10:30 147456 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-01-29 21:23 . 2011-07-27 09:28 42888 ----a-w- c:\windows\system32\drivers\btcusb.sys
2012-01-29 21:23 . 2007-05-09 01:00 16144 ----a-w- c:\windows\system32\btinstall.dll
2012-01-29 19:44 . 2012-01-29 19:44 -------- d-----w- c:\windows\system32\Macromed
2012-01-29 19:19 . 2012-01-29 19:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 18:28 . 2012-01-29 18:28 -------- d-----w- c:\programdata\ASUS
2012-01-29 10:21 . 2012-01-29 10:22 -------- d-----w- C:\MyBootCD
2012-01-28 23:56 . 2012-01-28 23:57 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-01-28 23:56 . 2012-01-29 00:01 -------- d-----w- c:\program files (x86)\Nero
2012-01-28 23:24 . 2012-01-28 23:24 -------- d-----w- c:\programdata\ashampoo
2012-01-28 23:24 . 2012-01-28 23:37 -------- d-----w- c:\program files (x86)\Ashampoo
2012-01-28 23:17 . 2012-01-30 18:30 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-01-28 22:39 . 2012-02-02 17:53 -------- d-----w- c:\program files\trend micro
2012-01-28 22:16 . 2012-01-28 22:16 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-28 17:26 . 2012-01-28 17:26 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-01-28 17:23 . 2012-01-28 17:32 -------- d-----w- c:\program files (x86)\HWiNFO32
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\programdata\Symantec
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\windows\system32\drivers\NSSx64
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\program files (x86)\Norton Security Scan
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\programdata\Norton
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-01-27 20:46 . 2012-01-30 18:30 -------- d-----w- c:\programdata\McAfee Security Scan
2012-01-27 20:46 . 2012-01-27 20:46 -------- d-----w- c:\programdata\McAfee
2012-01-27 20:46 . 2012-01-27 20:46 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-01-27 20:46 . 2012-01-27 20:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-01-27 20:43 . 2012-01-27 20:43 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-27 16:20 . 2012-01-27 16:20 -------- d-----w- C:\NVIDIA
2012-01-27 15:39 . 2010-12-14 15:34 550512 ----a-w- c:\windows\system32\VIASysFx.dll
2012-01-27 15:39 . 2010-12-14 15:34 993392 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 86640 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 202864 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2012-01-27 15:39 . 2010-12-14 15:34 27760 ----a-w- c:\windows\system32\ViakaraokeSrv.exe
2012-01-27 15:39 . 2010-12-14 15:34 1357424 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2012-01-27 15:39 . 2010-12-14 15:34 123504 ----a-w- c:\windows\system32\ViaKaraokeApo.dll
2012-01-27 15:39 . 2010-12-14 15:34 91760 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 116848 ----a-w- c:\windows\system32\ViaKaraokePropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 248944 ----a-w- c:\windows\system32\Dts2APO.dll
2012-01-27 15:39 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-01-27 15:39 . 2012-01-27 15:39 -------- d-----w- c:\program files\CPUID
2012-01-27 15:36 . 2012-01-27 15:37 -------- d-----w- c:\program files (x86)\audio
2012-01-27 15:21 . 2012-01-27 15:21 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-01-27 15:19 . 2012-01-30 18:30 -------- d-----w- c:\programdata\FLEXnet
2012-01-27 15:19 . 2010-06-30 11:02 52736 ----a-w- c:\windows\system32\drivers\btmcom.sys
2012-01-27 15:18 . 2012-01-30 18:30 -------- d-----w- c:\program files\Motorola
2012-01-27 15:18 . 2010-07-28 16:52 476928 ----a-w- c:\windows\system32\drivers\btmusb.sys
2012-01-27 15:18 . 2010-07-15 11:22 323848 ----a-w- c:\windows\system32\btmcls.dll
2012-01-27 15:18 . 2012-01-30 18:30 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-27 15:18 . 2012-01-30 18:30 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-01-27 15:08 . 2012-01-27 15:08 -------- d-----w- c:\program files (x86)\Driver-Soft
2012-01-25 20:31 . 2012-01-25 20:31 -------- d-----w- c:\program files (x86)\ESET
2012-01-25 16:07 . 2012-01-25 16:07 243 ----a-w- C:\user.js
2012-01-25 16:07 . 2012-01-25 16:07 -------- d-----w- c:\programdata\Babylon
2012-01-25 16:07 . 2012-01-25 16:07 -------- d-----w- c:\program files\Logon Screen
2012-01-22 20:25 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-01-22 20:24 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-22 20:19 . 2011-11-02 22:08 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-22 20:19 . 2011-11-02 21:09 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-22 20:18 . 2012-01-22 20:21 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-22 13:31 . 2012-01-22 13:31 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2012-01-22 13:23 . 2012-01-22 13:23 -------- d-----w- c:\program files (x86)\Lamer
2012-01-22 13:14 . 2011-11-28 13:51 33872 ----a-w- c:\windows\system32\drivers\anvsnddrv.sys
2012-01-22 13:14 . 2011-11-28 13:51 235520 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-01-22 13:14 . 2011-11-28 13:51 632832 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-01-22 13:14 . 2011-11-28 13:51 143872 ----a-w- c:\windows\SysWow64\xvid.ax
2012-01-22 13:11 . 2012-01-22 13:27 -------- d-----w- c:\program files (x86)\AnvSoft
2012-01-22 13:09 . 2012-01-22 13:09 -------- d-----w- c:\program files (x86)\Conduit
2012-01-22 12:55 . 2012-01-22 12:55 -------- d-----w- c:\windows\system32\SPReview
2012-01-22 11:55 . 2012-01-22 11:55 -------- d-----w- c:\windows\system32\EventProviders
2012-01-22 11:52 . 2010-11-20 13:27 2086912 ----a-w- c:\windows\system32\ole32.dll
2012-01-22 11:51 . 2010-11-20 13:27 1246720 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2012-01-22 11:50 . 2010-11-20 13:27 1808384 ----a-w- c:\windows\system32\pnidui.dll
2012-01-22 11:49 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll
2012-01-22 11:48 . 2010-11-20 13:24 442368 ----a-w- c:\windows\system32\winspool.drv
2012-01-22 11:47 . 2010-11-20 13:28 166784 ----a-w- c:\windows\system32\basecsp.dll
2012-01-22 11:46 . 2010-11-20 13:27 172544 ----a-w- c:\windows\system32\twext.dll
2012-01-22 11:45 . 2010-11-20 13:27 37376 ----a-w- c:\windows\system32\shimgvw.dll
2012-01-22 11:44 . 2010-11-20 13:33 6656 ----a-w- c:\windows\system32\drivers\cs-CZ\rdvgkmd.sys.mui
2012-01-22 11:44 . 2010-11-20 13:25 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbhub.sys.mui
2012-01-22 11:44 . 2010-11-20 13:32 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\rdpwd.sys.mui
2012-01-22 11:44 . 2010-11-20 13:26 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbflt.sys.mui
2012-01-22 11:44 . 2010-11-20 13:32 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdclass.sys.mui
2012-01-22 11:44 . 2010-11-20 13:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\GAGP30KX.SYS.mui
2012-01-22 11:44 . 2010-11-20 13:43 3584 ----a-w- c:\windows\system32\drivers\pl-PL\tsusbflt.sys.mui
2012-01-22 11:44 . 2010-11-20 13:41 6656 ----a-w- c:\windows\system32\drivers\pl-PL\rdvgkmd.sys.mui
2012-01-22 11:44 . 2010-11-20 13:38 4608 ----a-w- c:\windows\system32\drivers\pl-PL\tsusbhub.sys.mui
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-22 14:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-22 14:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-21 19:30 . 2012-01-21 19:30 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2012-01-21 19:30 . 2012-01-21 19:30 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-12-06 14:55 . 2010-04-20 04:30 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-22 2870896]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-01-21 296056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-4-20 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-4-20 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" /gui
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" -tray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-01-28 21712]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-27 1028096]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 135664]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 135664]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2011-12-19 30080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-01-21 1564368]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-08 2123584]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-08 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 04:11]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 04:11]
.
2012-01-28 c:\windows\Tasks\Norton Security Scan for Martin.job
- c:\progra~2\NORTON~2\Engine\370~1.18\Nss.exe [2012-01-28 10:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\x22ecfqi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100789&babsrc=adbartrp&mntrId=0cdd3cc500000000000000158330973c&q=
FF - prefs.js: network.proxy.http - 58.58.180.122
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt - somoto
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0cdd3cc500000000000000158330973c
FF - user.js: extensions.BabylonToolbar_i.hardId - 0cdd3cc500000000000000158330973c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15364
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb5
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-02-05 10:28:20
ComboFix-quarantined-files.txt 2012-02-05 09:28
.
Před spuštěním: Volných bajtů: 407 414 321 152
Po spuštění: Volných bajtů: 407 281 987 584
.
- - End Of File - - 22B3C132F1B21A383C54E48795495D2A

Re: Blue Screen of Death

Posted: 05 Feb 2012 13:25
by Mc_Murphy
:arrow: Uninstall MBAM, or at least remove it from resident protection and from launching at system startup, otherwise it will conflict with AVG.
:arrow: I would recommend uninstalling TuneUp Utilities promptly. If you use it to change anything in the system, you are well on the way to damaging the system. That is our experience.
:arrow: I see ESET, Norton Security Scan and McAfee folders there, but AVG is what is installed. What do you have them there for? Are they uninstalled? You should get rid of all of it.


:arrow: If you haven't done so already, move ComboFix to the Desktop.
  • Open Notepad (Start >> Run... (or Win+R) >> type notepad into the box >> [Enter]).
  • Copy this script into it:

Code:

KillAll::

Folder::
c:\programdata\Babylon
c:\program files (x86)\Conduit

File::
c:\windows\msdownld.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Norton Security Scan for Martin.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GoShortCut"=-
"TkBellExe"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"=-
"TkBellExe"=-
"QuickTime Task"=-
"UpdateLBPShortCut"=-
"NBAgent"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=-

DDS::
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe

Firefox::
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\x22ecfqi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100789&ba ... 330973c&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt - somoto
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0cdd3cc500000000000000158330973c
FF - user.js: extensions.BabylonToolbar_i.hardId - 0cdd3cc500000000000000158330973c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15364
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb5
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - prefs.js: network.proxy.http - 58.58.180.122
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]

Driver::
McComponentHostService
AdobeARMservice
gupdate
gupdatem
NAUpdate

ClearJavaCache::

Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see picture).
    Image
  • After the script has been applied (and the PC possibly restarted), a log will pop up. Paste its contents here for me.
:!: It may happen that Windows does not start after the script has been applied. In that case restart the PC, keep pressing F8 right at startup and choose Last Known Good Configuration.
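One way to check the log requested in the post above against the script it came from, as an added example that is not part of the original post or of ComboFix itself. The section titles are the Czech-locale ones visible in this thread, the two embedded samples are excerpts constructed from lines on this page, and the status names are hypothetical labels chosen for this sketch.

```python
import re

# Titles as they appear in the Czech-locale log in this thread (assumption:
# other locales use different titles and need their own constants).
DELETIONS = "Ostatní výmazy"      # "Other deletions"
SERVICES = "Ovladače/Služby"      # "Drivers/Services"

DIRECTIVE_RE = re.compile(r"^(\w+)::\s*$")
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")

# Constructed excerpt of the CFScript posted above.
CFSCRIPT = r"""
KillAll::

Folder::
c:\programdata\Babylon
c:\program files (x86)\Conduit

File::
c:\windows\msdownld.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

Driver::
McComponentHostService
gupdate

Reboot::
"""

# Constructed excerpt of the log produced after the script was applied.
LOG = r"""
FILE ::
"c:\windows\msdownld.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
.
((((((((( Ostatní výmazy )))))))))
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\programdata\Babylon
.
((((((((( Ovladače/Služby )))))))))
.
-------\Service_gupdate
-------\Service_McComponentHostService
.
((((((((( Soubory vytvořené od 2012-01-05 do 2012-02-05 )))))))))
.
2012-01-22 20:18 . 2012-01-22 20:21 -------- d--h--w- c:\windows\msdownld.tmp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
"""


def parse_cfscript(text):
    """Return {directive: [entries]}; a directive is a line ending in '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Split the log into {"preamble"|"echo"|banner title: [lines]}."""
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        banner = BANNER_RE.match(line)
        if line == "FILE ::":        # echo of the script's File:: input
            current = "echo"
        elif banner:
            current = banner.group(1)
        else:
            sections.setdefault(current, []).append(line.strip('"'))
    return sections


def verify(script, log):
    """Map each Folder/File/Driver entry of the script to what the log shows."""
    deleted = {l.lower() for l in log.get(DELETIONS, [])}
    services = {l.lower() for l in log.get(SERVICES, [])}
    # Every other section is a listing of what is still on the machine.
    residual = [l.lower() for name, lines in log.items()
                if name not in ("echo", DELETIONS, SERVICES) for l in lines]
    report = {}
    for directive in ("Folder", "File"):
        for path in script.get(directive, []):
            p = path.lower()
            if p in deleted:
                report[path] = "deleted"
            elif any(l.endswith(p) for l in residual):
                report[path] = "still_listed"   # worth a second look
            else:
                report[path] = "not_reported"
    for svc in script.get("Driver", []):
        key = "-------\\service_" + svc.lower()
        report[svc] = "removed" if key in services else "not_reported"
    return report


if __name__ == "__main__":
    for item, status in verify(parse_cfscript(CFSCRIPT), parse_log(LOG)).items():
        print(f"{status:13} {item}")
```

On these excerpts the two folders and both services are confirmed, while `c:\windows\msdownld.tmp` and the Google task file come back as `still_listed`, which is the kind of leftover a helper would ask about in the next round.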

Re: Blue screen of death

Posted: 05 Feb 2012 13:33
by karlospatmat
I only had ESET for a malware test; it was a trial version for that test, and I did not even know it was still there. I will remove it right away. I just don't know how to turn off the shield in Malware.

Re: Blue screen of death

Posted: 05 Feb 2012 13:44
by chodnik74
Run Malwarebytes, and it is on the Protection tab :)

Re: Blue screen of death

Posted: 05 Feb 2012 13:46
by Mc_Murphy
:???: So do you have both of them, ESET and McAfee, uninstalled? If not, uninstall them.

:arrow: MBAM: as chodnik74 writes.

Re: Blue screen of death

Posted: 05 Feb 2012 15:03
by karlospatmat
ComboFix 12-02-05.02 - Martin 05.02.2012 13:49:22.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4061.1953 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\msdownld.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Norton Security Scan for Martin.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\programdata\Babylon
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeARMservice
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_McComponentHostService
-------\Service_NAUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-05 do 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 12:58 . 2012-02-05 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 12:58 . 2012-02-05 12:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-04 23:40 . 2007-05-11 02:12 38160 ----a-w- c:\windows\system32\drivers\blueletaudio.sys
2012-02-04 23:40 . 2007-03-05 04:48 37648 ----a-w- c:\windows\system32\drivers\BlueletSCOAudio.sys
2012-02-04 23:40 . 2007-03-05 04:47 25360 ----a-w- c:\windows\system32\drivers\BtNetDrv.sys
2012-02-04 23:40 . 2007-03-05 04:44 23184 ----a-w- c:\windows\system32\drivers\VHIDMini.sys
2012-02-04 23:40 . 2007-03-05 04:42 49680 ----a-w- c:\windows\system32\drivers\BTHidMgr.sys
2012-02-04 23:40 . 2007-03-05 04:41 24976 ----a-w- c:\windows\system32\drivers\VBTEnum.sys
2012-02-04 23:40 . 2007-03-05 04:39 63248 ----a-w- c:\windows\system32\drivers\VcommMgr.sys
2012-02-04 23:40 . 2007-03-05 04:38 47120 ----a-w- c:\windows\system32\drivers\VComm.sys
2012-02-04 23:40 . 2006-10-08 23:29 32832 ----a-w- c:\windows\system32\drivers\BTNetFilter.sys
2012-02-04 23:29 . 2012-02-04 23:33 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-02-04 22:15 . 2012-02-04 23:39 -------- d-----w- c:\program files (x86)\IVT Corporation
2012-02-04 19:47 . 2012-02-04 19:47 -------- d-----w- c:\program files (x86)\Clear History
2012-02-04 10:01 . 2012-02-04 10:26 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-02-04 10:01 . 2012-02-04 17:37 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-03 12:15 . 2012-02-03 12:15 -------- d-----w- c:\windows\SysWow64\ivtMobCache
2012-02-03 11:07 . 2012-02-04 17:37 -------- d-----w- C:\Uninstall
2012-02-03 10:08 . 2008-05-07 06:39 66560 ----a-w- c:\windows\system32\nmwcdclsx64.dll
2012-02-03 10:08 . 2008-08-28 11:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-02-02 20:05 . 2012-02-02 20:05 -------- d-----w- c:\program files (x86)\Nokia
2012-02-02 20:05 . 2012-02-02 20:05 -------- d-----w- c:\program files\DIFX
2012-02-02 20:04 . 2012-02-04 17:37 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-02-02 20:04 . 2012-02-02 20:04 -------- d-----w- c:\programdata\Installations
2012-02-02 16:42 . 2012-02-02 16:42 -------- d-----w- C:\$AVG
2012-02-02 16:32 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-02-02 16:32 . 2012-02-02 16:32 -------- d-----w- c:\programdata\Malwarebytes
2012-02-02 16:32 . 2012-02-04 23:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-02 16:32 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 16:21 . 2011-10-17 14:55 559384 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-02-01 10:54 . 2012-02-01 10:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-01 10:54 . 2012-02-01 10:54 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-31 09:32 . 2012-01-31 09:32 -------- d-----w- c:\program files (x86)\JAM Software
2012-01-30 18:04 . 2012-02-02 23:42 -------- d-----w- c:\windows\system32\appmgmt
2012-01-30 13:10 . 2012-02-04 17:37 -------- d-----w- c:\program files (x86)\ExpressFiles
2012-01-29 22:11 . 2012-01-29 22:11 -------- d-----w- c:\program files (x86)\Nová složka
2012-01-29 22:04 . 2012-01-30 18:27 -------- d-----w- c:\program files (x86)\Innovative Solutions
2012-01-29 21:40 . 2012-01-29 21:40 -------- d-----w- c:\programdata\Innovative Solutions
2012-01-29 21:28 . 2011-10-13 11:10 90112 ----a-w- c:\windows\system32\igfxCoIn_v2555.dll
2012-01-29 21:28 . 2011-10-13 10:30 208896 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-01-29 21:28 . 2011-10-13 10:30 206336 ----a-w- c:\windows\system32\iglhsip64.dll
2012-01-29 21:28 . 2011-10-13 10:30 188416 ----a-w- c:\windows\system32\iglhcp64.dll
2012-01-29 21:28 . 2011-10-13 10:30 147456 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-01-29 21:23 . 2011-07-27 09:28 42888 ----a-w- c:\windows\system32\drivers\btcusb.sys
2012-01-29 21:23 . 2007-05-09 01:00 16144 ----a-w- c:\windows\system32\btinstall.dll
2012-01-29 19:44 . 2012-01-29 19:44 -------- d-----w- c:\windows\system32\Macromed
2012-01-29 19:19 . 2012-01-29 19:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 18:28 . 2012-01-29 18:28 -------- d-----w- c:\programdata\ASUS
2012-01-29 10:21 . 2012-01-29 10:22 -------- d-----w- C:\MyBootCD
2012-01-28 23:56 . 2012-01-28 23:57 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-01-28 23:56 . 2012-01-29 00:01 -------- d-----w- c:\program files (x86)\Nero
2012-01-28 23:24 . 2012-01-28 23:24 -------- d-----w- c:\programdata\ashampoo
2012-01-28 23:24 . 2012-01-28 23:37 -------- d-----w- c:\program files (x86)\Ashampoo
2012-01-28 23:17 . 2012-01-30 18:30 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-01-28 22:39 . 2012-02-02 17:53 -------- d-----w- c:\program files\trend micro
2012-01-28 22:16 . 2012-01-28 22:16 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-28 17:26 . 2012-01-28 17:26 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-01-28 17:23 . 2012-01-28 17:32 -------- d-----w- c:\program files (x86)\HWiNFO32
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\programdata\Symantec
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\windows\system32\drivers\NSSx64
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\program files (x86)\Norton Security Scan
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\programdata\Norton
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-01-27 20:46 . 2012-01-30 18:30 -------- d-----w- c:\programdata\McAfee Security Scan
2012-01-27 20:46 . 2012-01-27 20:46 -------- d-----w- c:\programdata\McAfee
2012-01-27 20:46 . 2012-01-27 20:46 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-01-27 20:46 . 2012-01-27 20:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-01-27 20:43 . 2012-01-27 20:43 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-27 16:20 . 2012-01-27 16:20 -------- d-----w- C:\NVIDIA
2012-01-27 15:39 . 2010-12-14 15:34 550512 ----a-w- c:\windows\system32\VIASysFx.dll
2012-01-27 15:39 . 2010-12-14 15:34 993392 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 86640 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 202864 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2012-01-27 15:39 . 2010-12-14 15:34 27760 ----a-w- c:\windows\system32\ViakaraokeSrv.exe
2012-01-27 15:39 . 2010-12-14 15:34 1357424 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2012-01-27 15:39 . 2010-12-14 15:34 123504 ----a-w- c:\windows\system32\ViaKaraokeApo.dll
2012-01-27 15:39 . 2010-12-14 15:34 91760 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 116848 ----a-w- c:\windows\system32\ViaKaraokePropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 248944 ----a-w- c:\windows\system32\Dts2APO.dll
2012-01-27 15:39 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-01-27 15:39 . 2012-01-27 15:39 -------- d-----w- c:\program files\CPUID
2012-01-27 15:36 . 2012-01-27 15:37 -------- d-----w- c:\program files (x86)\audio
2012-01-27 15:21 . 2012-01-27 15:21 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-01-27 15:19 . 2012-01-30 18:30 -------- d-----w- c:\programdata\FLEXnet
2012-01-27 15:19 . 2010-06-30 11:02 52736 ----a-w- c:\windows\system32\drivers\btmcom.sys
2012-01-27 15:18 . 2012-01-30 18:30 -------- d-----w- c:\program files\Motorola
2012-01-27 15:18 . 2010-07-28 16:52 476928 ----a-w- c:\windows\system32\drivers\btmusb.sys
2012-01-27 15:18 . 2010-07-15 11:22 323848 ----a-w- c:\windows\system32\btmcls.dll
2012-01-27 15:18 . 2012-01-30 18:30 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-27 15:18 . 2012-01-30 18:30 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-01-27 15:08 . 2012-01-27 15:08 -------- d-----w- c:\program files (x86)\Driver-Soft
2012-01-25 16:07 . 2012-01-25 16:07 243 ----a-w- C:\user.js
2012-01-25 16:07 . 2012-01-25 16:07 -------- d-----w- c:\program files\Logon Screen
2012-01-22 20:25 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-01-22 20:24 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-22 20:19 . 2011-11-02 22:08 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-22 20:19 . 2011-11-02 21:09 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-22 20:18 . 2012-01-22 20:21 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-22 13:31 . 2012-01-22 13:31 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2012-01-22 13:23 . 2012-01-22 13:23 -------- d-----w- c:\program files (x86)\Lamer
2012-01-22 13:14 . 2011-11-28 13:51 33872 ----a-w- c:\windows\system32\drivers\anvsnddrv.sys
2012-01-22 13:14 . 2011-11-28 13:51 235520 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-01-22 13:14 . 2011-11-28 13:51 632832 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-01-22 13:14 . 2011-11-28 13:51 143872 ----a-w- c:\windows\SysWow64\xvid.ax
2012-01-22 13:11 . 2012-01-22 13:27 -------- d-----w- c:\program files (x86)\AnvSoft
2012-01-22 12:55 . 2012-01-22 12:55 -------- d-----w- c:\windows\system32\SPReview
2012-01-22 11:55 . 2012-01-22 11:55 -------- d-----w- c:\windows\system32\EventProviders
2012-01-22 11:52 . 2010-11-20 13:27 2086912 ----a-w- c:\windows\system32\ole32.dll
2012-01-22 11:51 . 2010-11-20 13:27 1246720 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2012-01-22 11:50 . 2010-11-20 13:27 1808384 ----a-w- c:\windows\system32\pnidui.dll
2012-01-22 11:49 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll
2012-01-22 11:48 . 2010-11-20 13:24 442368 ----a-w- c:\windows\system32\winspool.drv
2012-01-22 11:47 . 2010-11-20 13:28 166784 ----a-w- c:\windows\system32\basecsp.dll
2012-01-22 11:46 . 2010-11-20 13:27 172544 ----a-w- c:\windows\system32\twext.dll
2012-01-22 11:45 . 2010-11-20 13:27 37376 ----a-w- c:\windows\system32\shimgvw.dll
2012-01-22 11:44 . 2010-11-20 13:33 6656 ----a-w- c:\windows\system32\drivers\cs-CZ\rdvgkmd.sys.mui
2012-01-22 11:44 . 2010-11-20 13:25 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbhub.sys.mui
2012-01-22 11:44 . 2010-11-20 13:32 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\rdpwd.sys.mui
2012-01-22 11:44 . 2010-11-20 13:26 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbflt.sys.mui
2012-01-22 11:44 . 2010-11-20 13:32 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdclass.sys.mui
2012-01-22 11:44 . 2010-11-20 13:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\GAGP30KX.SYS.mui
2012-01-22 11:44 . 2010-11-20 13:43 3584 ----a-w- c:\windows\system32\drivers\pl-PL\tsusbflt.sys.mui
2012-01-22 11:44 . 2010-11-20 13:41 6656 ----a-w- c:\windows\system32\drivers\pl-PL\rdvgkmd.sys.mui
2012-01-22 11:44 . 2010-11-20 13:38 4608 ----a-w- c:\windows\system32\drivers\pl-PL\tsusbhub.sys.mui
2012-01-22 11:44 . 2010-11-20 13:45 2560 ----a-w- c:\windows\system32\drivers\pl-PL\rdpwd.sys.mui
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-22 14:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-22 14:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-21 19:30 . 2012-01-21 19:30 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2012-01-21 19:30 . 2012-01-21 19:30 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-12-06 14:55 . 2010-04-20 04:30 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-05_09.24.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-02-05 13:03 54076 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-21 17:26 . 2012-02-05 13:03 11282 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2228829363-2496496693-1347899441-1001_UserData.bin
+ 2012-02-05 13:00 . 2012-02-05 13:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-05 08:41 . 2012-02-05 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-05 08:41 . 2012-02-05 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-05 13:00 . 2012-02-05 13:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-02-05 00:39 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-05 12:59 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-05 10:09 . 2012-02-05 10:09 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
- 2012-01-21 19:08 . 2012-01-21 19:08 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2012-01-21 22:46 . 2012-02-05 12:59 4206788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2228829363-2496496693-1347899441-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-22 2870896]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-4-20 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-4-20 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" /gui
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" -tray
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-01-28 21712]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-27 1028096]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2011-12-19 30080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-01-21 1564368]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-08 2123584]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-08 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 04:11]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 04:11]
.
2012-01-28 c:\windows\Tasks\Norton Security Scan for Martin.job
- c:\progra~2\NORTON~2\Engine\370~1.18\Nss.exe [2012-01-28 10:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"combofix"="c:\combofix\CF21856.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\x22ecfqi.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete\Command]
@DACL=(02 0000)
@="c:\\Program Files (x86)\\TuneUp Utilities 2012\\Undelete.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension]
@DACL=(02 0000)
@="{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\LightweightCallHandlers\PNIDUI\OnPrivateNetworkAvailable\WMP_OnPrivateNetworkAvailable]
@DACL=(02 0000)
"ExeName"=expand:"\"%programFiles%\\Windows Media Player\\wmpnscfg.exe\""
"Cardinality"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\Uninstalled\ROOT_*ISATAP_0001\Ndi]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{13D0658B-6A17-4953-B0DA-1AE9539E9C60}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000009
"Name"="Teredo Tunneling Pseudo-Interface"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000008
"Name"="Připojení k místní síti* 8"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{30B65BB3-9BAE-4EE3-A0BC-E413C87BF468}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000003
"Name"="Připojení k místní síti* 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{36ED9489-9C73-4458-A2F2-7E7F192B8C74}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:0000070e
"DefaultNameIndex"=dword:00000000
"Name"="Bezdrátové připojení k síti"
"PnpInstanceID"="PCI\\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\\001517FFFF24141200"
"MediaSubType"=dword:00000002
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{43958D57-1C7B-4A7A-BBD7-9FFF6CF46BDD}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000002
"Name"="Připojení k místní síti* 2"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5BF54C7E-91DA-457D-80BF-333677D7E316}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000007
"Name"="Připojení k místní síti* 7"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5EAA5506-177E-4700-90D2-11AC0109F05E}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:0000000c
"Name"="isatap.{691BB14B-14BB-40C6-85DA-D4B97CBD56F1}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{636D6038-0200-4937-A55F-2EB1FC74F75D}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:0000070e
"DefaultNameIndex"=dword:00000002
"Name"="Bezdrátové připojení k síti 2"
"PnpInstanceID"="{5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\\VWIFIMP\\5&4240F00&0&01"
"MediaSubType"=dword:00000002
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000000
"Name"="Připojení k místní síti*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{78032B7E-4968-42D3-9F37-287EA86C0AAA}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:0000000a
"Name"="Připojení k místní síti* 10"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7BAC7853-28B4-4BEE-8AE2-6EF5348FDD78}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000009
"Name"="Připojení k místní síti* 9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7CFB3A70-C84F-4431-BF87-1901F690909F}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:0000070b
"DefaultNameIndex"=dword:00000000
"Name"="Připojení k místní síti"
"PnpInstanceID"="PCI\\VEN_1969&DEV_1026&SUBSYS_14F51043&REV_B0\\FF4F5729485B39FF00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000005
"Name"="Připojení k místní síti* 5"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{905AEDC1-6655-4327-9977-AFD92CF3AC9D}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000710
"DefaultNameIndex"=dword:00000000
"Name"="Síťové připojení Bluetooth"
"PnpInstanceID"="BTH\\MS_BTHPAN\\6&1DDDDB23&0&2"
"MediaSubType"=dword:00000007
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000006
"Name"="Připojení k místní síti* 6"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9A3F3801-F707-4036-A40F-8208AE961F76}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:0000000c
"Name"="isatap.{7CFB3A70-C84F-4431-BF87-1901F690909F}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B78AE537-569D-4644-9EE3-920C330A2F01}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:0000000c
"Name"="isatap.{636D6038-0200-4937-A55F-2EB1FC74F75D}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CF84B042-48BA-48FE-A11B-51023545709B}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:0000070a
"DefaultNameIndex"=dword:00000002
"Name"="Připojení k místní síti 2"
"PnpInstanceID"="ROOT\\NET\\0000"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{D97C2A3A-9593-46CB-8AEE-ADDFBE884477}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000009
"Name"="isatap.Home"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:00000004
"Name"="Připojení k místní síti* 4"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{E43D242B-9EAB-4626-A952-46649FBB939A}\Connection]
@DACL=(02 0000)
"DefaultNameResourceId"=dword:00000709
"DefaultNameIndex"=dword:0000000b
"Name"="Připojení k místní síti* 11"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e973-e325-11ce-bfc1-08002be10318}\{821D3398-F04E-471E-8D8C-27EE3F5EB428}]
@DACL=(02 0000)
"Characteristics"=dword:00000080
"InfPath"="netmscli.inf"
"InfSection"="MSClient.ndi"
"LocDescription"="@netmscli.inf,%msclient_desc%;Client for Microsoft Networks"
"Description"="Client for Microsoft Networks"
"ComponentId"="ms_msclient"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,1f,00,bb,01
"PrintProviderName"="LanMan Print Services"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="netrass.inf"
"InfSection"="Ndi-Steelhead"
"LocDescription"="@netrass.inf,%steelhead-dispname%;Steelhead"
"Description"="Steelhead"
"ComponentId"="ms_steelhead"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,2d,00,d2,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{56494156-6C00-4B77-90D7-A4A435088232}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="netnb.inf"
"InfSection"="NetBIOS.ndi"
"LocDescription"="@netnb.inf,%netbios_desc%;NetBIOS Interface"
"Description"="NetBIOS Interface"
"ComponentId"="MS_NETBIOS"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,1e,00,01,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}]
@DACL=(02 0000)
"Characteristics"=dword:00040028
"InfPath"="netvwififlt.inf"
"InfSection"="Install"
"LocDescription"="@netvwififlt.inf,%vwififlt_desc%;Virtual WiFi Filter Driver"
"Description"="Virtual WiFi Filter Driver"
"ComponentId"="ms_vwifi"
"InstallTimeStamp"=hex:d9,07,07,00,03,00,1d,00,05,00,06,00,27,00,8e,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}]
@DACL=(02 0000)
"Characteristics"=dword:00000000
"InfPath"="netserv.inf"
"InfSection"="Install.ndi"
"LocDescription"="@netserv.inf,%msserver_desc%;File and Printer Sharing for Microsoft Networks"
"Description"="File and Printer Sharing for Microsoft Networks"
"ComponentId"="ms_server"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,20,00,e8,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{B5F4D659-7DAA-4565-8E41-BE220ED60542}]
@DACL=(02 0000)
"Characteristics"=dword:00040000
"InfPath"="netpacer.inf"
"InfSection"="Install"
"LocDescription"="@netpacer.inf,%psched_desc%;QoS Packet Scheduler"
"Description"="QoS Packet Scheduler"
"ComponentId"="ms_pacer"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,39,00,9a,02
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{B70D6460-3635-4D42-B866-B8AB1A24454C}]
@DACL=(02 0000)
"Characteristics"=dword:00040028
"InfPath"="wfplwf.inf"
"InfSection"="Install"
"LocDescription"="@wfplwf.inf,%wfplwf_desc%;WFP Lightweight Filter"
"Description"="WFP Lightweight Filter"
"ComponentId"="MS_WfpLwf"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,30,00,47,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{C9548B78-5743-4E64-9BA1-CD4D974A329F}]
@DACL=(02 0000)
"Characteristics"=dword:00000038
"InfPath"="netrass.inf"
"InfSection"="Ndi-RasSrv"
"LocDescription"="@netrass.inf,%rassrv-dispname%;Dial-Up Server"
"Description"="Dial-Up Server"
"ComponentId"="ms_rassrv"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,2d,00,84,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}]
@DACL=(02 0000)
"Characteristics"=dword:00040028
"InfPath"="netnwifi.inf"
"InfSection"="MS_NWIFI.Install"
"LocDescription"="@netnwifi.inf,%ms_nwifi.displayname%;NativeWiFi Filter"
"Description"="NativeWiFi Filter"
"ComponentId"="MS_NativeWifiP"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,37,00,02,00,58,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}]
@DACL=(02 0000)
"Characteristics"=dword:00040038
"InfPath"="ndiscap.inf"
"InfSection"="Install"
"LocDescription"="@ndiscap.inf,%ndiscap_desc%;NDIS Capture LightWeight Filter"
"Description"="NDIS Capture LightWeight Filter"
"ComponentId"="MS_NDISCAP"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,36,00,26,00,f2,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{F5658C39-CD0D-45B5-A342-E2C037714CE4}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="netrass.inf"
"InfSection"="Ndi-RasMan"
"LocDescription"="@netrass.inf,%rasman-dispname%;Remote Access Connection Manager"
"Description"="Remote Access Connection Manager"
"ComponentId"="ms_rasman"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,1e,00,f3,02
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}]
@DACL=(02 0000)
"Characteristics"=dword:00040000
"InfPath"="oem12.inf"
"InfSection"="Avgfwfd.ndi.NTamd64"
"LocDescription"="@oem12.inf,%avgfwfd_desc%;AVG network filter driver"
"Description"="AVG network filter driver"
"ComponentId"="gr_avgfwfd"
"InstallTimeStamp"=hex:dc,07,01,00,06,00,15,00,12,00,01,00,15,00,4e,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="netrast.inf"
"InfSection"="Ndi-PppoeProtocol"
"LocDescription"="@netrast.inf,%pppoe-dispname%;Point to Point Protocol Over Ethernet"
"Description"="Point to Point Protocol Over Ethernet"
"ComponentId"="ms_pppoe"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,20,00,fd,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{234991D1-04CC-47F5-A4A9-29808D68765F}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="nettcpip.inf"
"InfSection"="MS_WINS.PrimaryInstall"
"LocDescription"="@nettcpip.inf,%ms_wins.displayname%;WINS Client(TCP/IP) Protocol"
"Description"="WINS Client(TCP/IP) Protocol"
"ComponentId"="ms_netbt"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,14,00,dc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}]
@DACL=(02 0000)
"Characteristics"=dword:00000038
"InfPath"="netrast.inf"
"InfSection"="Ndi-PptpProtocol"
"LocDescription"="@netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol"
"Description"="Point to Point Tunneling Protocol"
"ComponentId"="ms_pptp"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,1f,00,ba,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="nettcpip.inf"
"InfSection"="MS_TCPIP.Tunnel.PrimaryInstall"
"LocDescription"="@nettcpip.inf,%ms_tcpip.tunnel.displayname%;Internet Protocol (TCP/IP) - Tunnels"
"Description"="Internet Protocol (TCP/IP) - Tunnels"
"ComponentId"="ms_tcpip_tunnel"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,36,00,28,00,34,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="netip6.inf"
"InfSection"="MS_TCPIP6.Tunnel.Install"
"LocDescription"="@netip6.inf,%ms_tcpip6.tunnel.displayname%;Microsoft TCP/IP version 6 - Tunnels"
"Description"="Microsoft TCP/IP version 6 - Tunnels"
"ComponentId"="ms_tcpip6_tunnel"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,36,00,28,00,dc,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}]
@DACL=(02 0000)
"Characteristics"=dword:00000038
"InfPath"="nettcpip.inf"
"InfSection"="MS_NETBT_SMB.PrimaryInstall"
"LocDescription"="@nettcpip.inf,%ms_netbt_smb.displayname%;Message-oriented TCP/IP Protocol (SMB session)"
"Description"="Message-oriented TCP/IP Protocol (SMB session)"
"ComponentId"="ms_netbt_smb"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,14,00,2a,02
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2BE5AF45-DD00-422F-8484-8370DD108A53}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="ndisuio.inf"
"InfSection"="Install"
"LocDescription"="@ndisuio.inf,%ndisuio_desc%;NDIS Usermode I/O Protocol"
"Description"="NDIS Usermode I/O Protocol"
"ComponentId"="ms_ndisuio"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,17,00,98,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2FF8F288-20AD-41F8-A181-321D0659CA4D}]
@DACL=(02 0000)
"Characteristics"=dword:00000000
"InfPath"="rspndr.inf"
"InfSection"="Install"
"LocDescription"="@rspndr.inf,%displayname%;Link-Layer Topology Discovery Responder"
"Description"="Link-Layer Topology Discovery Responder"
"ComponentId"="MS_RSPNDR"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,2b,00,2a,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{32345029-1B7D-43AF-B504-E71E5660B2F0}]
@DACL=(02 0000)
"Characteristics"=dword:000000a0
"InfPath"="netip6.inf"
"InfSection"="MS_TCPIP6.Install"
"LocDescription"="@netip6.inf,%ms_tcpip6.displayname%;Internet Protocol Version 6 (TCP/IPv6)"
"Description"="Internet Protocol Version 6 (TCP/IPv6)"
"ComponentId"="ms_tcpip6"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,13,00,c1,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}]
@DACL=(02 0000)
"Characteristics"=dword:000000a0
"InfPath"="nettcpip.inf"
"InfSection"="MS_TCPIP.PrimaryInstall"
"LocDescription"="@nettcpip.inf,%ms_tcpip.displayname%;Internet Protocol Version 4 (TCP/IPv4)"
"Description"="Internet Protocol Version 4 (TCP/IPv4)"
"ComponentId"="ms_tcpip"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,13,00,de,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{633F880E-FFD2-484F-A4CA-EB724F8BC057}]
@DACL=(02 0000)
"Characteristics"=dword:00000000
"InfPath"="lltdio.inf"
"InfSection"="Install"
"LocDescription"="@lltdio.inf,%displayname%;Link-Layer Topology Discovery Mapper I/O Driver"
"Description"="Link-Layer Topology Discovery Mapper I/O Driver"
"ComponentId"="MS_LLTDIO"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,2b,00,3c,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{69E184C5-2F7C-45D0-8C56-85097BA63C11}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="netrast.inf"
"InfSection"="Ndi-NdisWan"
"LocDescription"="@netrast.inf,%ndiswan-dispname%;Remote Access NDIS WAN Driver"
"Description"="Remote Access NDIS WAN Driver"
"ComponentId"="ms_ndiswan"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,1e,00,a5,02
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}]
@DACL=(02 0000)
"Characteristics"=dword:00000038
"InfPath"="netsstpt.inf"
"InfSection"="Ndi-SstpProtocol"
"LocDescription"="@netsstpt.inf,%sstp-dispname%;SSTP based VPN"
"Description"="SSTP based VPN"
"ComponentId"="ms_sstp"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,1b,00,59,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{7D857581-4BD0-44AB-B87C-921422A69D39}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="netrast.inf"
"InfSection"="Ndi-Wanarp"
"LocDescription"="@netrast.inf,%wanarp-dispname%;Remote Access IP ARP Driver"
"Description"="Remote Access IP ARP Driver"
"ComponentId"="MS_wanarp"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,15,00,6d,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="nettcpip.inf"
"InfSection"="MS_SMB.Install"
"LocDescription"="@nettcpip.inf,%ms_smb.displayname%;Microsoft NetbiosSmb"
"Description"="Microsoft NetbiosSmb"
"ComponentId"="MS_SMB"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,35,00,38,00,86,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{E7AC61F5-4BFE-4254-8889-98A990D174D5}]
@DACL=(02 0000)
"Characteristics"=dword:00000038
"InfPath"="netrast.inf"
"InfSection"="Ndi-L2tpProtocol"
"LocDescription"="@netrast.inf,%l2tp-dispname%;Layer 2 Tunneling Protocol"
"Description"="Layer 2 Tunneling Protocol"
"ComponentId"="ms_l2tp"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,1e,00,41,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}]
@DACL=(02 0000)
"Characteristics"=dword:00000028
"InfPath"="netrast.inf"
"InfSection"="Ndi-Wanarpv6"
"LocDescription"="@netrast.inf,%wanarpv6-dispname%;Remote Access IPv6 ARP Driver"
"Description"="Remote Access IPv6 ARP Driver"
"ComponentId"="MS_wanarpv6"
"InstallTimeStamp"=hex:d9,07,07,00,02,00,0e,00,04,00,31,00,21,00,cf,02
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{F3466C37-54F0-4F42-BD00-818377567D04}]
@DACL=(02 0000)
"Characteristics"=dword:00000038
"InfPath"="netavpnt.inf"
"InfSection"="Ndi-AgileVpnProtocol"
"LocDescription"="@netavpnt.inf,%agilevpn-dispname%;AgileVpn based VPN"
"Description"="AgileVpn based VPN"
"ComponentId"="ms_agilevpn"
"InstallTimeStamp"=hex:dc,07,01,00,00,00,16,00,10,00,37,00,2a,00,b1,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\ReadyBoot\{2a274310-42d5-4019-b816-e4b8c7abe95c}]
@DACL=(02 0000)
"Enabled"=dword:00000001
"EnableFlags"=dword:00000020
"Status"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\ReadyBoot\{a319d300-015c-48be-acdb-47746e154751}]
@DACL=(02 0000)
"Enabled"=dword:00000001
"Status"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ExpressFiles\EFupdater.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
.
**************************************************************************
.
Celkový čas: 2012-02-05 14:08:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-05 13:08
ComboFix2.txt 2012-02-05 09:28
.
Před spuštěním: Volných bajtů: 407 433 928 704
Po spuštění: Volných bajtů: 407 161 667 584
.
- - End Of File - - DD28772CA464DF2394B8C081D2E3E6ED

Re: Blue Screen of Death

Posted: 05 Feb 2012 15:04
by karlospatmat
ComboFix 12-02-05.02 - Martin 05.02.2012 13:49:22.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4061.1953 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\msdownld.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Norton Security Scan for Martin.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\programdata\Babylon
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeARMservice
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_McComponentHostService
-------\Service_NAUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-05 do 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 12:58 . 2012-02-05 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 12:58 . 2012-02-05 12:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-04 23:40 . 2007-05-11 02:12 38160 ----a-w- c:\windows\system32\drivers\blueletaudio.sys
2012-02-04 23:40 . 2007-03-05 04:48 37648 ----a-w- c:\windows\system32\drivers\BlueletSCOAudio.sys
2012-02-04 23:40 . 2007-03-05 04:47 25360 ----a-w- c:\windows\system32\drivers\BtNetDrv.sys
2012-02-04 23:40 . 2007-03-05 04:44 23184 ----a-w- c:\windows\system32\drivers\VHIDMini.sys
2012-02-04 23:40 . 2007-03-05 04:42 49680 ----a-w- c:\windows\system32\drivers\BTHidMgr.sys
2012-02-04 23:40 . 2007-03-05 04:41 24976 ----a-w- c:\windows\system32\drivers\VBTEnum.sys
2012-02-04 23:40 . 2007-03-05 04:39 63248 ----a-w- c:\windows\system32\drivers\VcommMgr.sys
2012-02-04 23:40 . 2007-03-05 04:38 47120 ----a-w- c:\windows\system32\drivers\VComm.sys
2012-02-04 23:40 . 2006-10-08 23:29 32832 ----a-w- c:\windows\system32\drivers\BTNetFilter.sys
2012-02-04 23:29 . 2012-02-04 23:33 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-02-04 22:15 . 2012-02-04 23:39 -------- d-----w- c:\program files (x86)\IVT Corporation
2012-02-04 19:47 . 2012-02-04 19:47 -------- d-----w- c:\program files (x86)\Clear History
2012-02-04 10:01 . 2012-02-04 10:26 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-02-04 10:01 . 2012-02-04 17:37 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-03 12:15 . 2012-02-03 12:15 -------- d-----w- c:\windows\SysWow64\ivtMobCache
2012-02-03 11:07 . 2012-02-04 17:37 -------- d-----w- C:\Uninstall
2012-02-03 10:08 . 2008-05-07 06:39 66560 ----a-w- c:\windows\system32\nmwcdclsx64.dll
2012-02-03 10:08 . 2008-08-28 11:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-02-02 20:05 . 2012-02-02 20:05 -------- d-----w- c:\program files (x86)\Nokia
2012-02-02 20:05 . 2012-02-02 20:05 -------- d-----w- c:\program files\DIFX
2012-02-02 20:04 . 2012-02-04 17:37 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-02-02 20:04 . 2012-02-02 20:04 -------- d-----w- c:\programdata\Installations
2012-02-02 16:42 . 2012-02-02 16:42 -------- d-----w- C:\$AVG
2012-02-02 16:32 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-02-02 16:32 . 2012-02-02 16:32 -------- d-----w- c:\programdata\Malwarebytes
2012-02-02 16:32 . 2012-02-04 23:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-02 16:32 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 16:21 . 2011-10-17 14:55 559384 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-02-01 10:54 . 2012-02-01 10:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-01 10:54 . 2012-02-01 10:54 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-31 09:32 . 2012-01-31 09:32 -------- d-----w- c:\program files (x86)\JAM Software
2012-01-30 18:04 . 2012-02-02 23:42 -------- d-----w- c:\windows\system32\appmgmt
2012-01-30 13:10 . 2012-02-04 17:37 -------- d-----w- c:\program files (x86)\ExpressFiles
2012-01-29 22:11 . 2012-01-29 22:11 -------- d-----w- c:\program files (x86)\Nová složka
2012-01-29 22:04 . 2012-01-30 18:27 -------- d-----w- c:\program files (x86)\Innovative Solutions
2012-01-29 21:40 . 2012-01-29 21:40 -------- d-----w- c:\programdata\Innovative Solutions
2012-01-29 21:28 . 2011-10-13 11:10 90112 ----a-w- c:\windows\system32\igfxCoIn_v2555.dll
2012-01-29 21:28 . 2011-10-13 10:30 208896 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-01-29 21:28 . 2011-10-13 10:30 206336 ----a-w- c:\windows\system32\iglhsip64.dll
2012-01-29 21:28 . 2011-10-13 10:30 188416 ----a-w- c:\windows\system32\iglhcp64.dll
2012-01-29 21:28 . 2011-10-13 10:30 147456 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-01-29 21:23 . 2011-07-27 09:28 42888 ----a-w- c:\windows\system32\drivers\btcusb.sys
2012-01-29 21:23 . 2007-05-09 01:00 16144 ----a-w- c:\windows\system32\btinstall.dll
2012-01-29 19:44 . 2012-01-29 19:44 -------- d-----w- c:\windows\system32\Macromed
2012-01-29 19:19 . 2012-01-29 19:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 18:28 . 2012-01-29 18:28 -------- d-----w- c:\programdata\ASUS
2012-01-29 10:21 . 2012-01-29 10:22 -------- d-----w- C:\MyBootCD
2012-01-28 23:56 . 2012-01-28 23:57 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-01-28 23:56 . 2012-01-29 00:01 -------- d-----w- c:\program files (x86)\Nero
2012-01-28 23:24 . 2012-01-28 23:24 -------- d-----w- c:\programdata\ashampoo
2012-01-28 23:24 . 2012-01-28 23:37 -------- d-----w- c:\program files (x86)\Ashampoo
2012-01-28 23:17 . 2012-01-30 18:30 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-01-28 22:39 . 2012-02-02 17:53 -------- d-----w- c:\program files\trend micro
2012-01-28 22:16 . 2012-01-28 22:16 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-28 17:26 . 2012-01-28 17:26 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-01-28 17:23 . 2012-01-28 17:32 -------- d-----w- c:\program files (x86)\HWiNFO32
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\programdata\Symantec
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\windows\system32\drivers\NSSx64
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\program files (x86)\Norton Security Scan
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\programdata\Norton
2012-01-28 07:56 . 2012-01-28 07:56 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-01-27 20:46 . 2012-01-30 18:30 -------- d-----w- c:\programdata\McAfee Security Scan
2012-01-27 20:46 . 2012-01-27 20:46 -------- d-----w- c:\programdata\McAfee
2012-01-27 20:46 . 2012-01-27 20:46 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-01-27 20:46 . 2012-01-27 20:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-01-27 20:43 . 2012-01-27 20:43 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-27 16:20 . 2012-01-27 16:20 -------- d-----w- C:\NVIDIA
2012-01-27 15:39 . 2010-12-14 15:34 550512 ----a-w- c:\windows\system32\VIASysFx.dll
2012-01-27 15:39 . 2010-12-14 15:34 993392 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 86640 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 202864 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2012-01-27 15:39 . 2010-12-14 15:34 27760 ----a-w- c:\windows\system32\ViakaraokeSrv.exe
2012-01-27 15:39 . 2010-12-14 15:34 1357424 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2012-01-27 15:39 . 2010-12-14 15:34 123504 ----a-w- c:\windows\system32\ViaKaraokeApo.dll
2012-01-27 15:39 . 2010-12-14 15:34 91760 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 116848 ----a-w- c:\windows\system32\ViaKaraokePropPageExt.dll
2012-01-27 15:39 . 2010-12-14 15:34 248944 ----a-w- c:\windows\system32\Dts2APO.dll
2012-01-27 15:39 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-01-27 15:39 . 2012-01-27 15:39 -------- d-----w- c:\program files\CPUID
2012-01-27 15:36 . 2012-01-27 15:37 -------- d-----w- c:\program files (x86)\audio
2012-01-27 15:21 . 2012-01-27 15:21 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-01-27 15:19 . 2012-01-30 18:30 -------- d-----w- c:\programdata\FLEXnet
2012-01-27 15:19 . 2010-06-30 11:02 52736 ----a-w- c:\windows\system32\drivers\btmcom.sys
2012-01-27 15:18 . 2012-01-30 18:30 -------- d-----w- c:\program files\Motorola
2012-01-27 15:18 . 2010-07-28 16:52 476928 ----a-w- c:\windows\system32\drivers\btmusb.sys
2012-01-27 15:18 . 2010-07-15 11:22 323848 ----a-w- c:\windows\system32\btmcls.dll
2012-01-27 15:18 . 2012-01-30 18:30 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-27 15:18 . 2012-01-30 18:30 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-01-27 15:08 . 2012-01-27 15:08 -------- d-----w- c:\program files (x86)\Driver-Soft
2012-01-25 16:07 . 2012-01-25 16:07 243 ----a-w- C:\user.js
2012-01-25 16:07 . 2012-01-25 16:07 -------- d-----w- c:\program files\Logon Screen
2012-01-22 20:25 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-01-22 20:24 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-22 20:19 . 2011-11-02 22:08 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-22 20:19 . 2011-11-02 21:09 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-22 20:18 . 2012-01-22 20:21 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-22 13:31 . 2012-01-22 13:31 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2012-01-22 13:23 . 2012-01-22 13:23 -------- d-----w- c:\program files (x86)\Lamer
2012-01-22 13:14 . 2011-11-28 13:51 33872 ----a-w- c:\windows\system32\drivers\anvsnddrv.sys
2012-01-22 13:14 . 2011-11-28 13:51 235520 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-01-22 13:14 . 2011-11-28 13:51 632832 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-01-22 13:14 . 2011-11-28 13:51 143872 ----a-w- c:\windows\SysWow64\xvid.ax
2012-01-22 13:11 . 2012-01-22 13:27 -------- d-----w- c:\program files (x86)\AnvSoft
2012-01-22 12:55 . 2012-01-22 12:55 -------- d-----w- c:\windows\system32\SPReview
2012-01-22 11:55 . 2012-01-22 11:55 -------- d-----w- c:\windows\system32\EventProviders
2012-01-22 11:52 . 2010-11-20 13:27 2086912 ----a-w- c:\windows\system32\ole32.dll
2012-01-22 11:51 . 2010-11-20 13:27 1246720 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2012-01-22 11:50 . 2010-11-20 13:27 1808384 ----a-w- c:\windows\system32\pnidui.dll
2012-01-22 11:49 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll
2012-01-22 11:48 . 2010-11-20 13:24 442368 ----a-w- c:\windows\system32\winspool.drv
2012-01-22 11:47 . 2010-11-20 13:28 166784 ----a-w- c:\windows\system32\basecsp.dll
2012-01-22 11:46 . 2010-11-20 13:27 172544 ----a-w- c:\windows\system32\twext.dll
2012-01-22 11:45 . 2010-11-20 13:27 37376 ----a-w- c:\windows\system32\shimgvw.dll
2012-01-22 11:44 . 2010-11-20 13:33 6656 ----a-w- c:\windows\system32\drivers\cs-CZ\rdvgkmd.sys.mui
2012-01-22 11:44 . 2010-11-20 13:25 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbhub.sys.mui
2012-01-22 11:44 . 2010-11-20 13:32 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\rdpwd.sys.mui
2012-01-22 11:44 . 2010-11-20 13:26 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbflt.sys.mui
2012-01-22 11:44 . 2010-11-20 13:32 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdclass.sys.mui
2012-01-22 11:44 . 2010-11-20 13:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\GAGP30KX.SYS.mui
2012-01-22 11:44 . 2010-11-20 13:43 3584 ----a-w- c:\windows\system32\drivers\pl-PL\tsusbflt.sys.mui
2012-01-22 11:44 . 2010-11-20 13:41 6656 ----a-w- c:\windows\system32\drivers\pl-PL\rdvgkmd.sys.mui
2012-01-22 11:44 . 2010-11-20 13:38 4608 ----a-w- c:\windows\system32\drivers\pl-PL\tsusbhub.sys.mui
2012-01-22 11:44 . 2010-11-20 13:45 2560 ----a-w- c:\windows\system32\drivers\pl-PL\rdpwd.sys.mui
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-22 14:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-22 14:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-21 19:30 . 2012-01-21 19:30 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2012-01-21 19:30 . 2012-01-21 19:30 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-12-06 14:55 . 2010-04-20 04:30 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-05_09.24.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-02-05 13:03 54076 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-21 17:26 . 2012-02-05 13:03 11282 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2228829363-2496496693-1347899441-1001_UserData.bin
+ 2012-02-05 13:00 . 2012-02-05 13:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-05 08:41 . 2012-02-05 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-05 08:41 . 2012-02-05 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-05 13:00 . 2012-02-05 13:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-02-05 00:39 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-05 12:59 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-05 10:09 . 2012-02-05 10:09 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
- 2012-01-21 19:08 . 2012-01-21 19:08 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2012-01-21 22:46 . 2012-02-05 12:59 4206788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2228829363-2496496693-1347899441-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-22 2870896]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-4-20 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-4-20 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" /gui
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" -tray
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-01-28 21712]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-27 1028096]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2011-12-19 30080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-01-21 1564368]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-08 2123584]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-08 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 04:11]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 04:11]
.
2012-01-28 c:\windows\Tasks\Norton Security Scan for Martin.job
- c:\progra~2\NORTON~2\Engine\370~1.18\Nss.exe [2012-01-28 10:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"combofix"="c:\combofix\CF21856.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\x22ecfqi.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ExpressFiles\EFupdater.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
.
**************************************************************************
.
Celkový čas: 2012-02-05 14:08:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-05 13:08
ComboFix2.txt 2012-02-05 09:28
.
Před spuštěním: Volných bajtů: 407 433 928 704
Po spuštění: Volných bajtů: 407 161 667 584
.
- - End Of File - - DD28772CA464DF2394B8C081D2E3E6ED

Re: Blue Screen of Death

Posted: 05 Feb 2012 15:07
by karlospatmat
Eset was deleted; the other one was not, but it was removed from startup. Otherwise, a small problem has come up. After the process finished and Windows restarted, I can't for the life of me connect to the internet, neither over Wi-Fi nor over cable???

Re: Blue Screen of Death

Posted: 05 Feb 2012 15:41
by karlospatmat

Re: Blue Screen of Death

Posted: 05 Feb 2012 16:20
by karlospatmat
I also deleted TuneUp, as recommended. I just want to ask whether I made a mistake, because I ran a System Restore because of the internet connection and I suspect that everything ComboFix did is down the dr... Or not?

Re: Blue Screen of Death

Posted: 05 Feb 2012 16:35
by chodnik74
The BSOD is once again caused by the VcommMgr.sys driver, because you put it back; when it wasn't there, there were no problems ;-)

Re: Blue Screen of Death

Posted: 05 Feb 2012 16:39
by Mc_Murphy
karlospatmat wrote: I also deleted TuneUp, as recommended. I just want to ask whether I made a mistake, because I ran a System Restore because of the internet connection and I suspect that everything ComboFix did is down the dr... Or not?
Yes, it is. Every hasty step you take in the middle of our procedures is no good. Or do you pop out for a snack while your tooth is being drilled and then wonder why the dentist minds?! That's not how you cooperate... :roll:

Re: Blue Screen of Death

Posted: 05 Feb 2012 16:57
by karlospatmat
Nothing the whole time. But until now I haven't had the slightest problem with that driver. I got the Bluetooth together with the notebook I bought, which was about 1.5 years ago. In that time I reinstalled the PC about 4 times and everything always went OK and there was no BSOD.
Only most recently, about 10 days ago with the last reinstall, did it start acting up :cry:

Re: Blue Screen of Death

Posted: 05 Feb 2012 17:00
by karlospatmat
Well, the internet connection caught me off guard and I couldn't fix it. So should I go back to the previous step and download ComboFix again?