
Re: Blue screen and Rootkit

Posted: 18 Apr 2012 15:57
by doomguy
< *keygen* /s >

< *loader* /s >
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Skype\Apps\login\images\loader.png
[2011.12.26 22:58:30 | 000,040,660 | ---- | M] () -- \Documents and Settings\Karel\AppData\Local\Opera\Opera\widgets\fastesttube-youtube-video-downloader-1.5.4-1.oex
[2012.04.17 23:31:59 | 000,172,432 | ---- | M] () -- \Documents and Settings\Karel\AppData\Local\Temp\0022079\prloader.dll
[2009.05.22 17:52:00 | 000,019,456 | ---- | M] () -- \Program Files\Games By GG releases\lib\loaders.dll
[2010.08.26 17:21:14 | 000,004,176 | ---- | M] () -- \Program Files\Google\Google SketchUp 8\Resources\en-US\searching\ajax-loader.gif
[2010.08.26 17:21:14 | 000,000,500 | ---- | M] () -- \Program Files\Google\Google SketchUp 8\Tools\DynamicComponents\ruby\dcloader.rb
[2010.08.26 17:21:14 | 000,003,949 | ---- | M] () -- \Program Files\Google\Google SketchUp 8\Tools\SolarNorth\solarnorth_loader.rb
[2010.08.26 17:21:14 | 000,029,565 | ---- | M] () -- \Program Files\Google\Google SketchUp 8\Tools\WebTextures\webtextures_loader.rb
[2011.12.20 18:45:12 | 001,015,128 | ---- | M] () -- \Program Files\IObit\Game Booster 3\Freeware\GB_FreeSoftwareDownloader.exe
[2009.05.31 04:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2001.07.11 01:18:00 | 000,001,288 | ---- | M] () -- \Program Files\Route_Riter\StuffitPack\Stuffed\US2Loader1.sd
[2009.02.01 20:53:04 | 000,004,572 | ---- | M] () -- \Program Files\Valve\Garry's Mod\garrysmod\spawnicons\loader.si0
[2009.02.01 20:53:05 | 000,003,003 | ---- | M] () -- \Program Files\Valve\Garry's Mod\garrysmod\spawnicons\loader_static.si0
[2009.02.01 20:50:54 | 000,005,766 | ---- | M] () -- \Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_trainyard\train_loader001.si0
[2009.02.01 21:22:25 | 000,000,179 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loaderCHROME.vmt
[2009.02.01 21:22:25 | 000,002,936 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loaderCHROME.vtf
[2009.02.01 21:22:25 | 000,000,073 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_base.vmt
[2009.02.01 21:22:25 | 000,011,128 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_base.vtf
[2009.02.01 21:22:25 | 000,000,080 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_base_panels.vmt
[2009.02.01 21:22:25 | 000,002,936 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_base_panels.vtf
[2009.02.01 21:22:25 | 000,000,079 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_base_sides.vmt
[2009.02.01 21:22:25 | 000,002,936 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_base_sides.vtf
[2009.02.01 21:22:25 | 000,000,079 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_body_hatch.vmt
[2009.02.01 21:22:25 | 000,011,128 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_body_hatch.vtf
[2009.02.01 21:22:25 | 000,000,078 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_body_side.vmt
[2009.02.01 21:22:25 | 000,011,128 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_body_side.vtf
[2009.02.01 21:22:25 | 000,000,184 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_darkCHROME.vmt
[2009.02.01 21:22:25 | 000,002,936 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_darkCHROME.vtf
[2009.02.01 21:22:25 | 000,000,073 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_head.vmt
[2009.02.01 21:22:25 | 000,002,936 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_head.vtf
[2009.02.01 21:22:25 | 000,000,078 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_leg_hydro.vmt
[2009.02.01 21:22:25 | 000,001,512 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_leg_hydro.vtf
[2009.02.01 21:22:25 | 000,000,082 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_leg_hydro_cut.vmt
[2009.02.01 21:22:25 | 000,000,888 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_leg_hydro_cut.vtf
[2009.02.01 21:22:25 | 000,000,078 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_leg_side1.vmt
[2009.02.01 21:22:25 | 000,011,048 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_leg_side1.vtf
[2009.02.01 21:22:25 | 000,000,186 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_steelchrome1.vmt
[2009.02.01 21:22:25 | 000,002,936 | ---- | M] () -- \Program Files\Valve\Garry's Mod\hl2\materials\PerfTest\loader\loader_steelchrome1.vtf
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Application Data\Skype\Apps\login\images\loader.png
[2012.02.29 09:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.02.29 09:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2011.12.26 22:58:30 | 000,040,660 | ---- | M] () -- \Users\Karel\AppData\Local\Opera\Opera\widgets\fastesttube-youtube-video-downloader-1.5.4-1.oex
[2012.04.17 23:31:59 | 000,172,432 | ---- | M] () -- \Users\Karel\AppData\Local\Temp\0022079\prloader.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2011.12.21 19:58:51 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2011.12.21 19:58:51 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2011.12.21 19:58:51 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2010.11.21 02:38:44 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2010.11.21 02:38:44 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2010.11.21 02:38:44 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2010.11.20 23:31:02 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2010.11.20 23:31:02 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2010.11.20 23:31:02 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.13 19:54:50 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2010.11.21 02:37:59 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2010.11.20 23:23:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB54636$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9D1B94FD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Application Data\TEMP:9D1B94FD

< End of report >

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 15:58
by doomguy
Extras.txt:

OTL Extras logfile created on: 18.4.2012 16:26:42 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Karel\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 0,20 Gb Available Physical Memory | 11,29% Memory free
6,86 Gb Paging File | 5,71 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,81 Gb Total Space | 4,07 Gb Free Space | 8,16% Space Free | Partition Type: NTFS
Drive D: | 300,88 Gb Total Space | 6,94 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
Drive E: | 115,07 Gb Total Space | 2,44 Gb Free Space | 2,12% Space Free | Partition Type: NTFS

Computer Name: KAREL-PC | User Name: Karel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF51EF-901B-4AC5-AFF2-E1E79AC4F3C3}_is1" = Serious Sam 3
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision(R)
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{305C431C-CC6E-5506-CE75-29512315D306}" = AMD Drag and Drop Transcoding
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341E1C05-5091-418F-B862-C28253A99F25}" = BOINC
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3AF144F9-849D-DEDA-BA4F-2EBA94A3CF10}" = ccc-utility
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CC6719B-F874-49CF-82A0-D3F5D65FFE2A}" = Microsoft WorldWide Telescope
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{42F71230-AB79-C3CF-2958-1F3F91B75BA6}" = AMD Fuel
"{46EE2498-853A-FF8C-12E9-06E0FE279536}" = AMD Catalyst Install Manager
"{472C9FFA-422E-465E-8360-D1276B4A4BC0}" = Penumbra - Black Plague + Requiem
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = TRS2006
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{656422DA-E1F7-4331-9EBE-BBF6E88580A9}" = Penumbra - Overture
"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F35D5AE-3D28-4408-8731-59972AE27657}" = LG PC Suite III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3827AD3-3553-4463-87B3-D1B88B24C468}" = TortoiseSVN 1.7.5.22551 (32 bit)
"{A6F1A4B7-4EFA-653F-98EB-BFD8C209FF1C}" = AMD Accelerated Video Transcoding
"{A869FEA9-B223-4324-B130-008AC50B054B}" = HyperLobby client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}" = Age of Empires II - the Conquerors WideScreen Patcher
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C2979637-6A5A-4CF3-876C-AA2F199E3750}" = LGE GSM Device Driver OMAPV1030
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7241F38-7D90-794C-C77E-2F8DBEBED491}" = AMD Media Foundation Decoders
"{D9FEF41B-AD90-403D-B0C7-59F938DCCAE4}" = TopGun - Hardlock
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA11B681-D0F1-4675-BEFC-59BF222844F0}_is1" = Sins Of A Solar Empire: Diplomacy v1.34 Ironclad Online
"{ED396D9C-99C3-4243-80DF-0934DEA6C66E}_is1" = Road Construction Simulator 2011 Version 1.1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F20386D5-EE47-42FF-90CB-203A61787CA2}" = Oracle VM VirtualBox 4.1.10
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = AMD VISION Engine Control Center
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{WIDELANDS-WIN32-IS}_is1" = Widelands
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8461-7759-5462-8226" = Vuze
"AceIt_is1" = AceIt v1.3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"ASIO4ALL" = ASIO4ALL
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition
"avast" = avast! Free Antivirus
"AviScreen Classic (Freeware)_is1" = AviScreen Classic Version 1.3
"CCleaner" = CCleaner
"Clownfish" = Clownfish for Skype
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CraftBukkit" = CraftBukkit
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.3
"DriverAgent.exe" = DriverAgent by eSupport.com
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"Enhanced Beta 0.6.2 Installer + lagg fix" = Enhanced Beta 0.6.2 Installer + lagg fix
"Euro Truck Simulator 1.3" = Euro Truck Simulator 1.3
"FL Studio 10" = FL Studio 10
"FLASHDRV_UNINSTALL" = Flash Loader utility driver
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"FormatFactory" = FormatFactory 2.90
"Fraps" = Fraps (remove only)
"Freelancer 1.0" = Freelancer
"Game Booster_is1" = Game Booster 3
"GSMULTI" = GSMULTI V3.0
"HyperCam 2" = HyperCam 2
"IL Download Manager" = IL Download Manager
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers - War for Cybertron
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"IrfanView" = IrfanView (remove only)
"IvAp-v2_is1" = IvAp v1.9.8 (build 2138)
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Basic)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"MediaInfo" = MediaInfo 0.7.55
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mobiola Web Camera for S60_is1" = Mobiola Web Camera for S60 3.0.15
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Dancer" = MP3 Dancer
"OpenAL" = OpenAL
"Opera 11.62.1347" = Opera 11.62
"Postal 2_is1" = Portal 2
"PowerISO" = PowerISO
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"Rage_is1" = Rage
"RiseOfNationsExpansion 1.0" = Rise of Nations
"RocketDock_is1" = RocketDock 1.3.5
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"Saints Row The Third_is1" = Saints Row The Third
"Serious Sam TFE HD" = Serious Sam TFE HD (Jimbus edition)
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"SpeedFan" = SpeedFan (remove only)
"Stellarium_is1" = Stellarium 0.11.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"TGATool2A_is1" = TGATool2A version 4.00.34
"Train Simulator 1.0" = Microsoft Train Simulator
"TransDEM Trainz Edition Update_is1" = TransDEM Trainz Edition 2.2.0.1 Update
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"Winamp" = Winamp
"Windows Dancer" = Windows Dancer
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3936861771-3270663531-1454860607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0 A.D." = 0 A.D.
"98c7cfac463f268c" = SGCSim v5.2
"GameRanger" = GameRanger
"Route_Riter v7.5" = Route_Riter v7.5
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.4.2012 15:28:45 | Computer Name = Karel-PC | Source = VSS | ID = 8193
Description =

Error - 17.4.2012 15:28:45 | Computer Name = Karel-PC | Source = System Restore | ID = 8193
Description =

Error - 17.4.2012 15:37:29 | Computer Name = Karel-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 17.4.2012 15:38:55 | Computer Name = Karel-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.4.2012 17:15:02 | Computer Name = Karel-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Crysis2.exe, verze: 1.8.0.0, časové razítko:
0x21544c46 Název chybujícího modulu: Crysis2.exe, verze: 1.8.0.0, časové razítko:
0x21544c46 Kód výjimky: 0xc0000005 Posun chyby: 0x00587420 ID chybujícího procesu:
0x9dc Čas spuštění chybující aplikace: 0x01cd1cdf15b61328 Cesta k chybující aplikaci:
D:\Crytek\Crysis 2\bin32\Crysis2.exe Cesta k chybujícímu modulu: D:\Crytek\Crysis
2\bin32\Crysis2.exe ID zprávy: 65089b48-88d2-11e1-9ec8-00252244b30b

Error - 17.4.2012 17:20:32 | Computer Name = Karel-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 17.4.2012 17:21:54 | Computer Name = Karel-PC | Source = WinMgmt | ID = 10
Description =

Error - 18.4.2012 2:25:40 | Computer Name = Karel-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 18.4.2012 2:27:07 | Computer Name = Karel-PC | Source = WinMgmt | ID = 10
Description =

Error - 18.4.2012 8:57:06 | Computer Name = Karel-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Quake4.exe, verze: 1.2.0.2386, časové razítko:
0x4432f5cf Název chybujícího modulu: Quake4.exe, verze: 1.2.0.2386, časové razítko:
0x4432f5cf Kód výjimky: 0xc0000005 Posun chyby: 0x0011c7dd ID chybujícího procesu:
0xe04 Čas spuštění chybující aplikace: 0x01cd1d62b51bc611 Cesta k chybující aplikaci:
I:\Games\Quake 4\Quake4.exe Cesta k chybujícímu modulu: I:\Games\Quake 4\Quake4.exe
ID zprávy: ffdb6e7d-8955-11e1-b842-00252244b30b

[ System Events ]
Error - 18.4.2012 2:25:35 | Computer Name = Karel-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSnx aswSP aswTdi discache spldr VBoxDrv VBoxUSBMon Wanarpv6

Error - 18.4.2012 2:25:37 | Computer Name = Karel-PC | Source = DCOM | ID = 10005
Description =

Error - 18.4.2012 2:25:43 | Computer Name = Karel-PC | Source = DCOM | ID = 10005
Description =

Error - 18.4.2012 2:25:50 | Computer Name = Karel-PC | Source = DCOM | ID = 10005
Description =

Error - 18.4.2012 2:25:53 | Computer Name = Karel-PC | Source = DCOM | ID = 10005
Description =

Error - 18.4.2012 2:25:53 | Computer Name = Karel-PC | Source = DCOM | ID = 10005
Description =

Error - 18.4.2012 2:25:54 | Computer Name = Karel-PC | Source = Service Control Manager | ID = 7001
Description = Služba HomeGroup Provider závisí na službě Function Discovery Provider
Host, která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 18.4.2012 8:30:09 | Computer Name = Karel-PC | Source = DCOM | ID = 10005
Description =

Error - 18.4.2012 8:51:58 | Computer Name = Karel-PC | Source = DCOM | ID = 10010
Description =

Error - 18.4.2012 9:50:31 | Computer Name = Karel-PC | Source = DCOM | ID = 10005
Description =


< End of report >

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 16:08
by vyosek
Run OTL again
  • If you are using Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the bottom box, Custom Scans/Fixes (Vlastní skenování/opravy)

    :otl
    SRV - File not found [On_Demand | Stopped] -- C:\Users\Karel\Desktop\aircrack-ng-1.1-win\bin\wzcook.exe -- (WZCOOK)
    DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Karel\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Karel\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Karel\AppData\Local\0 A.D. alpha\binaries\system\aken.sys -- (Aken)
    () (No name found) -- C:\USERS\KAREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IGW4UYY4.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\K\Shell - "" = AutoRun
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\$NtUninstallKB54636$\systemprofile\AppData\Local\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [103 C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\cache\g_0000\*.tmp -> ]
    [78 C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\cache\g_0001\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\cache\g_0001\*.tmp -> ]
    [46 C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\cache\g_0002\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\cache\g_0002\*.tmp -> ]
    [1 C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\cache\revocation\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\cache\revocation\g_0000\*.tmp -> ]
    [3 C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\icons\cache\g_0000\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Opera\Opera\icons\cache\g_0000\*.tmp -> ]
    [5 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
    [2012.04.17 06:17:15 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
    [2012.04.17 19:35:53 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2012.04.17 06:12:00 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9D1B94FD
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Application Data\TEMP:9D1B94FD
    
    :files
    C:\Windows\$NtUninstallKB54636$
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click Fix
  • The PC will perform the fix, restart, and give you a log; paste its contents here
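
The fix script above deletes the C:\Windows\$NtUninstallKB54636$ folder and the *.tmp.dll / SET*.tmp patterns under system32, and OTL flagged two alternate data streams under C:\ProgramData. As an added example (not part of the original post and not code from the OTL or ComboFix tools), the following Python script parses the OTL line format shown above and the ComboFix line format quoted later in this thread, then flags entries that match those same removal targets. The indicator rules and the sample log lines are constructed from what appears on this page; they illustrate log triage, not a general detection signature.

```python
import re
from typing import Callable, List, NamedTuple, Optional, Tuple

# Added example: a triage pass over the two log formats quoted in this thread.
# OTL:      "[YYYY.MM.DD hh:mm:ss | 000,000,914 | ---- | M] () -- C:\path"
# OTL ADS:  "@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9D1B94FD"
# ComboFix: "YYYY-MM-DD hh:mm . YYYY-MM-DD hh:mm  <size|--------> <attr> c:\path"
# ComboFix also lists bare paths under "Other Deletions".


class Entry(NamedTuple):
    kind: str              # "otl", "ads", "combofix" or "path"
    path: str              # file/directory path (for ADS: the host object)
    size: Optional[int]    # bytes, when the line carries a size
    stream: Optional[str]  # ADS stream name, for "ads" entries only


OTL_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S+) \| (?P<flag>\w)\] \((?P<signer>.*?)\) -- (?P<path>.+)$")
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" +(?P<size>-+|\d+) (?P<attr>\S+) (?P<path>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")


def parse_line(line: str) -> Optional[Entry]:
    """Classify one log line; returns None for headers, blanks and unknown formats."""
    line = line.strip()
    m = OTL_RE.match(line)
    if m:
        return Entry("otl", m["path"], int(m["size"].replace(",", "")), None)
    m = ADS_RE.match(line)
    if m:
        return Entry("ads", m["host"], int(m["size"]), m["stream"])
    m = CF_RE.match(line)
    if m:
        size = None if m["size"].startswith("-") else int(m["size"])
        return Entry("combofix", m["path"], size, None)
    if PATH_RE.match(line):
        return Entry("path", line, None, None)
    return None


# (label, predicate) pairs. Each mirrors something the fix script or the ComboFix
# output on this page treats as a removal target; they are illustrative only.
INDICATORS: List[Tuple[str, Callable[[Entry], bool]]] = [
    ("hotfix-uninstall-style folder under Windows (fix script deletes it whole)",
     lambda e: re.search(r"\\windows\\\$ntuninstall[^\\]*\$(\\|$)", e.path, re.I) is not None),
    ("'.@' file (contents of the U\\ subfolder ComboFix removed)",
     lambda e: e.path.lower().endswith(".@")),
    ("alternate data stream on a ProgramData object (OTL @ADS entry)",
     lambda e: e.kind == "ads" and e.path.lower().startswith("c:\\programdata")),
    ("*.tmp.dll inside system32 (fix script :files pattern)",
     lambda e: re.search(r"\\system32\\.*\.tmp\.dll$", e.path, re.I) is not None),
    ("SET*.tmp inside system32 (fix script :files pattern)",
     lambda e: re.search(r"\\system32\\set[^\\]*\.tmp$", e.path, re.I) is not None),
]


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return every parsed entry that hits at least one indicator, with the labels that fired."""
    hits: List[Tuple[Entry, List[str]]] = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        labels = [label for label, pred in INDICATORS if pred(entry)]
        if labels:
            hits.append((entry, labels))
    return hits


# Constructed sample mixing lines of both formats as they appear in this thread.
SAMPLE_LOG = r"""
[2012.04.17 06:17:15 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9D1B94FD
2012-04-12 13:48 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-20 23:05 . 2012-03-14 17:57 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
c:\windows\$NtUninstallKB54636$\1115854830\U\80000032.@
c:\windows\$NtUninstallKB54636$\1115854830\L\xadqgnnk
c:\windows\system32\dds_trash_log.cmd
"""

if __name__ == "__main__":
    for entry, labels in triage(SAMPLE_LOG):
        print(f"{entry.kind:8} {entry.path}")
        for label in labels:
            print(f"         -> {label}")
```

On the constructed sample the three flagged entries are the ProgramData stream and the two files inside the $NtUninstallKB54636$ folder; the scheduled-task, kernel and VirtualBox driver lines parse but trip no rule. Treat the output as a reading aid for the log, not as a verdict: the same patterns would need to be confirmed on the live system before anything is deleted.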

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 16:34
by doomguy
So the computer booted into normal mode and no longer has problems.
LOG attached

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 16:34
by vyosek
The log is not attached; upload it to LP http://leteckaposta.cz/

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 16:36
by doomguy
It is attached, it just would not accept it the normal way, so I put it in a zip.

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 16:38
by vyosek
Now it is, but when you submitted the post it was not there; it only appeared after the edit...

Next time please no edits, because I may not notice them since they do not show up as new posts.

Now run ComboFix; OTL was not able to delete much, since it does not have strong drivers... there is also the option of running OTL from a CD or a flash drive if CF does not work for us...

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 17:10
by doomguy
Thank you for the warning, I will be careful about it.

Log from ComboFix:
ComboFix 12-04-16.03 - Karel 18.04.2012 17:54:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.1791.972 [GMT 2:00]
Run from: c:\users\Karel\Documents\Combofix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new Restore Point was created
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MW
c:\program files\MW\TGATool2\TGATool2A.exe
c:\program files\MW\TGATool2\unins000.dat
c:\program files\MW\TGATool2\unins000.exe
C:\Recycle.Bin
c:\recycle.bin\4AD20D797C93A11
c:\users\Karel\AppData\Roaming\0ad
c:\users\Karel\AppData\Roaming\0ad\config\user.cfg
c:\users\Karel\AppData\Roaming\0ad\logs\interestinglog.html
c:\users\Karel\AppData\Roaming\0ad\logs\mainlog.html
c:\users\Karel\AppData\Roaming\0ad\logs\sim_log\476\commands.txt
c:\users\Karel\AppData\Roaming\0ad\logs\system_info.txt
c:\windows\$NtUninstallKB54636$
c:\windows\$NtUninstallKB54636$\1115854830\@
c:\windows\$NtUninstallKB54636$\1115854830\cfg.ini
c:\windows\$NtUninstallKB54636$\1115854830\Desktop.ini
c:\windows\$NtUninstallKB54636$\1115854830\L\xadqgnnk
c:\windows\$NtUninstallKB54636$\1115854830\twl.dll
c:\windows\$NtUninstallKB54636$\1115854830\U\00000001.@
c:\windows\$NtUninstallKB54636$\1115854830\U\00000002.@
c:\windows\$NtUninstallKB54636$\1115854830\U\00000004.@
c:\windows\$NtUninstallKB54636$\1115854830\U\80000000.@
c:\windows\$NtUninstallKB54636$\1115854830\U\80000004.@
c:\windows\$NtUninstallKB54636$\1115854830\U\80000032.@
c:\windows\$NtUninstallKB54636$\1115854830\version
c:\windows\$NtUninstallKB54636$\427787602
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 16:03 . 2012-04-18 16:05 -------- d-----w- c:\users\Karel\AppData\Local\temp
2012-04-18 16:03 . 2012-04-18 16:03 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-04-17 15:48 . 2012-04-17 15:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-17 15:43 . 2012-04-17 15:44 -------- d-----w- C:\rsit
2012-04-16 19:21 . 2012-04-16 19:21 -------- d-----w- c:\users\Karel\AppData\Local\Apps
2012-04-16 19:21 . 2012-04-17 14:59 -------- d-----w- c:\users\Karel\AppData\Local\Deployment
2012-04-16 16:27 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-04-16 16:27 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-04-16 16:27 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-04-15 21:00 . 2012-04-15 21:00 -------- d-----w- c:\users\Karel\AppData\Local\Freelancer
2012-04-15 08:37 . 2012-04-15 08:37 -------- d-----w- c:\users\Karel\AppData\Roaming\Rovio
2012-04-13 20:51 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD7CFB42-486B-4096-B87F-7E4C65B1D5F3}\mpengine.dll
2012-04-12 13:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 13:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 13:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 13:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 13:48 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 13:48 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-07 10:02 . 2012-04-07 10:02 -------- d-----w- c:\users\Karel\AppData\Local\Aspyr
2012-04-07 09:54 . 2012-04-07 09:54 -------- d-sh--w- c:\windows\ftpcache
2012-04-05 20:24 . 2012-04-05 20:24 -------- d-----w- c:\users\Karel\AppData\Roaming\.Nitrous
2012-04-05 16:20 . 2012-04-05 16:20 -------- d-----w- c:\program files\RocketDock
2012-04-04 20:13 . 2012-04-04 20:13 -------- d-----w- c:\programdata\IObit
2012-04-04 20:13 . 2012-04-04 20:13 -------- d-----w- c:\program files\IObit
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll
2012-04-02 20:24 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2012-04-02 20:24 . 2012-04-02 20:24 -------- d-----w- c:\program files\AMD
2012-04-02 20:23 . 2012-04-02 20:23 -------- d-----w- c:\users\Karel\AppData\Local\Downloaded Installations
2012-04-02 19:40 . 2012-04-02 19:40 -------- d-----w- c:\users\Karel\AppData\Local\TechSmith
2012-04-02 19:38 . 2012-04-02 19:38 -------- d-----w- c:\windows\system32\QuickTime
2012-04-02 19:37 . 2012-04-02 19:37 -------- d-----w- c:\program files\QuickTime
2012-04-02 19:37 . 2012-04-02 19:37 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2012-04-02 19:37 . 2012-04-02 19:37 -------- d-----w- c:\programdata\TechSmith
2012-03-31 20:39 . 2012-03-31 20:39 -------- d-----w- c:\program files\Ubisoft
2012-03-31 19:16 . 2012-03-31 19:16 -------- d-----w- c:\program files\HyperLobby client
2012-03-30 15:06 . 2012-03-30 15:06 -------- d-----w- c:\programdata\ATI
2012-03-30 15:06 . 2012-03-30 15:06 -------- d-----w- c:\program files\AMD AVT
2012-03-30 15:06 . 2012-03-30 15:06 -------- d-----w- c:\program files\AMD APP
2012-03-29 17:58 . 2012-03-29 17:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-03-29 17:58 . 2012-03-29 17:58 145960 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-03-29 17:58 . 2012-03-29 17:58 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-03-28 18:22 . 2011-09-21 08:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-03-28 18:22 . 2012-03-28 18:22 -------- d-----w- c:\program files\CPUID
2012-03-26 17:58 . 2012-03-26 17:58 -------- d-----w- c:\users\Karel\AppData\Roaming\Stellarium
2012-03-26 17:57 . 2012-03-26 17:57 -------- d-----w- c:\program files\Stellarium
2012-03-26 12:51 . 2012-03-26 12:51 -------- d-----w- c:\programdata\Age of Empires 3
2012-03-25 14:03 . 2012-03-25 14:03 -------- d-----w- c:\users\Karel\AppData\Roaming\Malwarebytes
2012-03-25 14:02 . 2012-03-25 14:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-25 14:02 . 2012-03-25 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-24 12:41 . 2012-03-24 12:41 -------- d-----w- c:\program files\Ziegler-Tools
2012-03-23 23:27 . 2012-03-23 23:30 -------- d-----w- c:\users\Karel\.widelands
2012-03-23 23:23 . 2012-03-24 12:29 -------- d-----w- c:\program files\Widelands
2012-03-23 15:22 . 2012-03-23 15:22 -------- d-----w- c:\program files\Microsoft WSE
2012-03-21 22:03 . 2012-03-21 22:03 -------- d-----w- c:\program files\HyperCam 2
2012-03-21 18:04 . 2012-03-21 18:04 -------- d-----w- c:\windows\Sun
2012-03-20 23:07 . 2012-03-21 07:04 -------- d-----w- c:\users\Karel\VirtualBox VMs
2012-03-20 23:06 . 2012-03-25 09:18 -------- d-----w- c:\users\Karel\.VirtualBox
2012-03-20 23:05 . 2012-03-14 17:57 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-20 23:05 . 2012-03-14 17:57 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 21:17 . 2009-07-14 02:05 11376 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-03-30 14:49 . 2012-03-10 17:43 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 14:49 . 2011-12-20 20:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 17:57 . 2012-03-14 17:57 82736 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-03-14 17:57 . 2012-03-14 17:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:57 . 2012-03-14 17:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:57 . 2012-03-14 17:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-03-14 06:24 . 2011-12-20 19:57 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-03-14 06:24 . 2011-12-20 19:57 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-03-14 06:24 . 2011-12-20 19:57 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-03-14 06:24 . 2011-12-20 19:57 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-09 06:26 . 2012-03-09 06:26 9183232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2011-11-10 03:16 791552 ----a-w- c:\windows\system32\aticfx32.dll
2012-03-09 05:11 . 2011-11-10 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:10 . 2012-03-09 05:10 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-03-09 05:07 . 2012-03-09 05:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 05:04 . 2011-11-10 03:06 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-03-09 04:23 . 2010-02-10 13:24 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-03-09 04:23 . 2010-02-10 13:43 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\system32\aticaldd.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:58 . 2011-11-10 02:13 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-03-09 03:57 . 2012-03-09 03:57 265216 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:56 . 2010-02-10 13:10 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-03-09 03:56 . 2010-02-10 13:10 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2011-12-20 19:21 51200 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 23:26 . 2012-03-08 23:26 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-03-08 23:26 . 2012-03-08 23:26 54784 ----a-w- c:\windows\system32\OVDecode.dll
2012-03-08 23:25 . 2012-03-08 23:25 13238272 ----a-w- c:\windows\system32\amdocl.dll
2012-03-08 23:24 . 2012-03-08 23:24 48128 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-07 00:15 . 2012-01-07 09:50 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-01-07 09:50 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-01-07 09:50 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-01-07 09:50 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-03-03 11:18 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2012-01-07 09:50 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-01-07 09:50 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2012-01-07 09:50 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-26 16:53 . 2012-02-26 16:53 65536 ----a-w- c:\windows\IFinst27.exe
2012-02-23 07:18 . 2011-12-20 20:01 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 10:20 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 10:20 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 10:20 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 10:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 10:20 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-04 09:56 . 2012-02-04 09:56 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-02-03 03:54 . 2012-03-14 10:20 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-01-25 05:32 . 2012-03-14 10:20 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 10:20 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 10:20 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-29 17:58 . 2011-12-20 19:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-20 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2011-07-28 4514992]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2011-07-28 70832]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - c:\program files\PowerStrip\PStrip.exe [2011-4-27 742944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][Ş?u?đ, ?i?eô ??? ga?e cő?ťř?l?e?š !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKLM\~\startupfolder\C:^Users^Karel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Dancer.lnk]
path=c:\users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Dancer.lnk
backup=c:\windows\pss\MP3 Dancer.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2012-02-13 10:16 1055992 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\mrvcl32.exe [2011-12-31 819729]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 SkypeUpdate;Skype Updater;c:\users\Karel\Desktop\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2012-02-04 23456]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FlashUSB;Flash Loader utility driver;c:\windows\system32\Drivers\FlashUSB.sys [2008-01-25 15453]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-29 129976]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 163328]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-09-21 21992]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-03-14 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 9183232]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 265216]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
.
.
.
------- Doplňkový sken -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.168.254 192.168.167.254
FF - ProfilePath - c:\users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\igw4uyy4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: extensions.BabylonToolbar_i.id - fa5aec7500000000000000ffd5b19739
FF - user.js: extensions.BabylonToolbar_i.hardId - fa5aec7500000000000000ffd5b19739
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-77647774.sys
SafeBoot-drmkaud
AddRemove-Enhanced Beta 0.6.2 Installer + lagg fix - c:\program files\EA Games\Command & Conquer Generals Zero Hour\Enhanced Beta 0.6.2
AddRemove-RiseOfNationsExpansion 1.0 - i:\program files\Microsoft Games\Rise of Nations\Uninstal.exe
AddRemove-TGATool2A_is1 - c:\program files\MW\TGATool2\unins000.exe
AddRemove-Train Simulator 1.0 - i:\games\msts\UNINSTAL.EXE
AddRemove-{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1 - i:\games\Amnesia - The Dark Descent\unins000.exe
AddRemove-{D9FEF41B-AD90-403D-B0C7-59F938DCCAE4} - d:\program files\TopGun - Hardlock\Uninstall.exe
AddRemove-0 A.D - i:\program files\0ad\0 A.D. alpha\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3628)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\TEMP\mrt4BBE.tmp\stdrt.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Game Booster 3\gbtray.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\BOINC\boinc.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2012-04-18 18:08:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-18 16:08
.
Před spuštěním: 4 415 950 848
Po spuštění: 4 399 357 952
.
- - End Of File - - 6D17F7C777E461EDC68F3EE55201FFED

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 17:22
by vyosek
:arrow: Uninstall everything from IObit - it is Chinese junk and does more harm than good. It looks for nonsensical and non-existent problems, and its malware database was stolen from another reputable company.

:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\windows\TEMP\mrt4BBE.tmp
    
    Restore::
    c:\windows\System32\user32.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    
    Driver::
    gupdate
    gupdatem
    
    Firefox::
    FF - ProfilePath - c:\users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\igw4uyy4.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - user.js: extensions.BabylonToolbar_i.id - fa5aec7500000000000000ffd5b19739
    FF - user.js: extensions.BabylonToolbar_i.hardId - fa5aec7500000000000000ffd5b19739
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:20
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    AtJob::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and release it (see the picture below)
    [Image]
  • After the script is applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 17:44
by doomguy
I hope I did it right

ComboFix 12-04-16.03 - Karel 18.04.2012 18:29:38.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.1791.580 [GMT 2:00]
Spuštěný z: c:\users\Karel\Desktop\Combofix.exe
Použité ovládací přepínače :: c:\users\Karel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\server.log
c:\windows\system32\uninstall.exe
c:\windows\TEMP\mrt4BBE.tmp
c:\windows\TEMP\mrt4BBE.tmp\aviflt.ift
c:\windows\TEMP\mrt4BBE.tmp\bmpFlt.ift
c:\windows\TEMP\mrt4BBE.tmp\fliFlt.ift
c:\windows\TEMP\mrt4BBE.tmp\Get.mfx
c:\windows\TEMP\mrt4BBE.tmp\gifFlt.ift
c:\windows\TEMP\mrt4BBE.tmp\jpgFlt.ift
c:\windows\TEMP\mrt4BBE.tmp\KcActiveX.mfx
c:\windows\TEMP\mrt4BBE.tmp\kcedit.mfx
c:\windows\TEMP\mrt4BBE.tmp\kcfile.mfx
c:\windows\TEMP\mrt4BBE.tmp\kclist.mfx
c:\windows\TEMP\mrt4BBE.tmp\KcWebX.mfx
c:\windows\TEMP\mrt4BBE.tmp\mmfs2.dll
c:\windows\TEMP\mrt4BBE.tmp\pcxFlt.ift
c:\windows\TEMP\mrt4BBE.tmp\pngFlt.ift
c:\windows\TEMP\mrt4BBE.tmp\Registry2.mfx
c:\windows\TEMP\mrt4BBE.tmp\stdrt.exe
c:\windows\TEMP\mrt4BBE.tmp\tgaflt.ift
c:\windows\TEMP\mrt4BBE.tmp\volume.mfx
.
Nakažená kopie c:\windows\System32\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-18 do 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 16:37 . 2012-04-18 16:37 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-04-18 16:37 . 2012-04-18 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 16:03 . 2012-04-18 16:39 -------- d-----w- c:\users\Karel\AppData\Local\temp
2012-04-18 15:13 . 2012-04-18 15:13 -------- d-----w- C:\_OTL
2012-04-18 06:11 . 2012-04-18 06:11 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-17 15:48 . 2012-04-17 15:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-17 15:43 . 2012-04-17 15:44 -------- d-----w- C:\rsit
2012-04-16 19:21 . 2012-04-16 19:21 -------- d-----w- c:\users\Karel\AppData\Local\Apps
2012-04-16 19:21 . 2012-04-17 14:59 -------- d-----w- c:\users\Karel\AppData\Local\Deployment
2012-04-16 16:27 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-04-16 16:27 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-04-16 16:27 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-04-15 21:00 . 2012-04-15 21:00 -------- d-----w- c:\users\Karel\AppData\Local\Freelancer
2012-04-15 08:37 . 2012-04-15 08:37 -------- d-----w- c:\users\Karel\AppData\Roaming\Rovio
2012-04-13 20:51 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD7CFB42-486B-4096-B87F-7E4C65B1D5F3}\mpengine.dll
2012-04-12 13:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 13:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 13:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 13:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 13:48 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 13:48 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-07 10:02 . 2012-04-07 10:02 -------- d-----w- c:\users\Karel\AppData\Local\Aspyr
2012-04-07 09:54 . 2012-04-07 09:54 -------- d-sh--w- c:\windows\ftpcache
2012-04-05 20:24 . 2012-04-05 20:24 -------- d-----w- c:\users\Karel\AppData\Roaming\.Nitrous
2012-04-05 16:20 . 2012-04-05 16:20 -------- d-----w- c:\program files\RocketDock
2012-04-04 20:13 . 2012-04-04 20:13 -------- d-----w- c:\programdata\IObit
2012-04-04 20:13 . 2012-04-04 20:13 -------- d-----w- c:\program files\IObit
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll
2012-04-02 20:24 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2012-04-02 20:24 . 2012-04-02 20:24 -------- d-----w- c:\program files\AMD
2012-04-02 20:23 . 2012-04-02 20:23 -------- d-----w- c:\users\Karel\AppData\Local\Downloaded Installations
2012-04-02 19:40 . 2012-04-02 19:40 -------- d-----w- c:\users\Karel\AppData\Local\TechSmith
2012-04-02 19:38 . 2012-04-02 19:38 -------- d-----w- c:\windows\system32\QuickTime
2012-04-02 19:37 . 2012-04-02 19:37 -------- d-----w- c:\program files\QuickTime
2012-04-02 19:37 . 2012-04-02 19:37 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2012-04-02 19:37 . 2012-04-02 19:37 -------- d-----w- c:\programdata\TechSmith
2012-03-31 20:39 . 2012-03-31 20:39 -------- d-----w- c:\program files\Ubisoft
2012-03-31 19:16 . 2012-03-31 19:16 -------- d-----w- c:\program files\HyperLobby client
2012-03-30 15:06 . 2012-03-30 15:06 -------- d-----w- c:\programdata\ATI
2012-03-30 15:06 . 2012-03-30 15:06 -------- d-----w- c:\program files\AMD AVT
2012-03-30 15:06 . 2012-03-30 15:06 -------- d-----w- c:\program files\AMD APP
2012-03-29 17:58 . 2012-03-29 17:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-03-29 17:58 . 2012-03-29 17:58 145960 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-03-29 17:58 . 2012-03-29 17:58 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-03-28 18:22 . 2011-09-21 08:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-03-28 18:22 . 2012-03-28 18:22 -------- d-----w- c:\program files\CPUID
2012-03-26 17:58 . 2012-03-26 17:58 -------- d-----w- c:\users\Karel\AppData\Roaming\Stellarium
2012-03-26 17:57 . 2012-03-26 17:57 -------- d-----w- c:\program files\Stellarium
2012-03-26 12:51 . 2012-03-26 12:51 -------- d-----w- c:\programdata\Age of Empires 3
2012-03-25 14:03 . 2012-03-25 14:03 -------- d-----w- c:\users\Karel\AppData\Roaming\Malwarebytes
2012-03-25 14:02 . 2012-03-25 14:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-25 14:02 . 2012-03-25 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-24 12:41 . 2012-03-24 12:41 -------- d-----w- c:\program files\Ziegler-Tools
2012-03-23 23:27 . 2012-03-23 23:30 -------- d-----w- c:\users\Karel\.widelands
2012-03-23 23:23 . 2012-03-24 12:29 -------- d-----w- c:\program files\Widelands
2012-03-23 15:22 . 2012-03-23 15:22 -------- d-----w- c:\program files\Microsoft WSE
2012-03-21 22:03 . 2012-03-21 22:03 -------- d-----w- c:\program files\HyperCam 2
2012-03-21 18:04 . 2012-03-21 18:04 -------- d-----w- c:\windows\Sun
2012-03-20 23:07 . 2012-03-21 07:04 -------- d-----w- c:\users\Karel\VirtualBox VMs
2012-03-20 23:06 . 2012-03-25 09:18 -------- d-----w- c:\users\Karel\.VirtualBox
2012-03-20 23:05 . 2012-03-14 17:57 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-20 23:05 . 2012-03-14 17:57 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 21:17 . 2009-07-14 02:05 11376 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-03-30 14:49 . 2012-03-10 17:43 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 14:49 . 2011-12-20 20:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 17:57 . 2012-03-14 17:57 82736 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-03-14 17:57 . 2012-03-14 17:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:57 . 2012-03-14 17:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:57 . 2012-03-14 17:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-03-14 06:24 . 2011-12-20 19:57 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-03-14 06:24 . 2011-12-20 19:57 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-03-14 06:24 . 2011-12-20 19:57 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-03-14 06:24 . 2011-12-20 19:57 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-09 06:26 . 2012-03-09 06:26 9183232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2011-11-10 03:16 791552 ----a-w- c:\windows\system32\aticfx32.dll
2012-03-09 05:11 . 2011-11-10 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:10 . 2012-03-09 05:10 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-03-09 05:07 . 2012-03-09 05:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 05:04 . 2011-11-10 03:06 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-03-09 04:23 . 2010-02-10 13:24 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-03-09 04:23 . 2010-02-10 13:43 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\system32\aticaldd.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:58 . 2011-11-10 02:13 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-03-09 03:57 . 2012-03-09 03:57 265216 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:56 . 2010-02-10 13:10 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-03-09 03:56 . 2010-02-10 13:10 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2011-12-20 19:21 51200 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 23:26 . 2012-03-08 23:26 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-03-08 23:26 . 2012-03-08 23:26 54784 ----a-w- c:\windows\system32\OVDecode.dll
2012-03-08 23:25 . 2012-03-08 23:25 13238272 ----a-w- c:\windows\system32\amdocl.dll
2012-03-08 23:24 . 2012-03-08 23:24 48128 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-07 00:15 . 2012-01-07 09:50 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-01-07 09:50 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-01-07 09:50 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-01-07 09:50 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-03-03 11:18 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2012-01-07 09:50 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-01-07 09:50 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2012-01-07 09:50 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-26 16:53 . 2012-02-26 16:53 65536 ----a-w- c:\windows\IFinst27.exe
2012-02-23 07:18 . 2011-12-20 20:01 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 10:20 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 10:20 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 10:20 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 10:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 10:20 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-04 09:56 . 2012-02-04 09:56 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-02-03 03:54 . 2012-03-14 10:20 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-01-25 05:32 . 2012-03-14 10:20 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 10:20 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 10:20 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-29 17:58 . 2011-12-20 19:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2011-07-28 4514992]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2011-07-28 70832]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - c:\program files\PowerStrip\PStrip.exe [2011-4-27 742944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][Ş?u?đ, ?i?eô ??? ga?e cő?ťř?l?e?š !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKLM\~\startupfolder\C:^Users^Karel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Dancer.lnk]
path=c:\users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Dancer.lnk
backup=c:\windows\pss\MP3 Dancer.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2012-02-13 10:16 1055992 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\mrvcl32.exe [2011-12-31 819729]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 SkypeUpdate;Skype Updater;c:\users\Karel\Desktop\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2012-02-04 23456]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FlashUSB;Flash Loader utility driver;c:\windows\system32\Drivers\FlashUSB.sys [2008-01-25 15453]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-29 129976]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 163328]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-09-21 21992]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-03-14 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 9183232]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 265216]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-10 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page =
FF - ProfilePath - c:\users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\igw4uyy4.default\
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5836)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\TEMP\mrt5704.tmp\stdrt.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\BOINC\boinc.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2012-04-18 18:42:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-18 16:42
ComboFix2.txt 2012-04-18 16:08
.
Před spuštěním: 4 462 354 432
Po spuštění: 4 256 808 960
.
- - End Of File - - F2DAEB52C75F8D0813835BDDB3634AF9

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 17:50
by vyosek
Yes, that's fine :thumbsup:

How is our patient behaving :???:

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 17:57
by doomguy
It is much faster, everything works as it should.

-Is that ZeroAccess no longer there?
-Couldn't that ZA have hidden itself on the external drive while it was connected?

Otherwise, thank you very much for the help; I was already afraid I would have to format.

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 18:12
by vyosek
:arrow: ZA should no longer be there, but now it depends on how badly it damaged the system; according to the log it seems to be OK

:arrow: It does not touch removable media

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run
  • To confirm a choice press A, Enter
  • Delete the utility after use
  • Antivirus programs tend to flag this utility incorrectly as a virus - it is a false positive - so download it without worry (or disable the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall unneeded programs
I recommend using CCleaner about once a week

:arrow: I recommend changing all passwords - ZA likes to steal them and chat about them with the outside world

:arrow: Please post a new RSIT log and write how the PC is doing

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 18:32
by doomguy
T-Cleaner won't start, it just flashes briefly and nothing happens

RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Karel at 2012-04-18 19:29:41
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 4 GB (9%) free of 51 GB
Total RAM: 1791 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:29:59, on 18.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PowerStrip\PStrip.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Users\Karel\Desktop\Phone\Skype.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Users\Karel\Documents\RSIT.exe
C:\Program Files\trend micro\Karel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: PowerStrip.lnk = C:\Program Files\PowerStrip\PStrip.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Licensing Console - - C:\Windows\system32\mrvcl32.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Users\Karel\Desktop\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 6055 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\igw4uyy4.default

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.228 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.3.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
babylon.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\igw4uyy4.default\extensions\
staged

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [2012-01-10 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-18 7711264]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 1821576]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"boincmgr"=C:\Program Files\BOINC\boincmgr.exe [2011-07-28 4514992]
"boinctray"=C:\Program Files\BOINC\boinctray.exe [2011-07-28 70832]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2011-09-16 63048]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-09 636032]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
C:\Program Files\Clownfish\Clownfish.exe [2012-02-13 1055992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Karel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Dancer.lnk]
C:\PROGRA~1\MP3DAN~1\MP3DAN~1.EXE [2001-10-08 229376]

C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Audiosrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MMCSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{640167b4-59b0-47a6-b335-a6b3c0695aea}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"VIDC.IV41"=IR41_32.AX
"msacm.vorbis"=vorbis.acm
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.tscc"=C:\Windows\system32\tsccvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-04-18 19:29:41 ----D---- C:\rsit
2012-04-18 18:42:34 ----SHD---- C:\$RECYCLE.BIN
2012-04-18 18:37:38 ----D---- C:\Windows\temp
2012-04-18 08:11:44 ----D---- C:\ProgramData\Kaspersky Lab
2012-04-17 18:38:14 ----D---- C:\Windows\ERDNT
2012-04-17 17:48:22 ----D---- C:\TDSSKiller_Quarantine
2012-04-16 18:27:35 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-04-16 18:27:35 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-04-16 18:27:35 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-04-15 10:37:45 ----D---- C:\Users\Karel\AppData\Roaming\Rovio
2012-04-13 16:05:01 ----D---- C:\Users\Karel\AppData\Roaming\Google
2012-04-13 16:02:04 ----D---- C:\ProgramData\Google
2012-04-12 15:52:25 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-12 15:52:24 ----A---- C:\Windows\system32\jscript9.dll
2012-04-12 15:52:24 ----A---- C:\Windows\system32\jscript.dll
2012-04-12 15:52:24 ----A---- C:\Windows\system32\iertutil.dll
2012-04-12 15:52:23 ----A---- C:\Windows\system32\wininet.dll
2012-04-12 15:52:23 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-12 15:52:22 ----A---- C:\Windows\system32\url.dll
2012-04-12 15:52:22 ----A---- C:\Windows\system32\ieui.dll
2012-04-12 15:52:21 ----A---- C:\Windows\system32\urlmon.dll
2012-04-12 15:52:19 ----A---- C:\Windows\system32\ieframe.dll
2012-04-12 15:52:18 ----A---- C:\Windows\system32\mshtml.dll
2012-04-12 15:48:36 ----A---- C:\Windows\system32\wmi.dll
2012-04-12 15:48:36 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 15:48:35 ----A---- C:\Windows\system32\wintrust.dll
2012-04-12 15:48:35 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-12 15:48:22 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-12 15:48:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-07 11:54:05 ----SHD---- C:\Windows\ftpcache
2012-04-05 22:24:41 ----D---- C:\Users\Karel\AppData\Roaming\.Nitrous
2012-04-05 18:20:33 ----D---- C:\Program Files\RocketDock
2012-04-04 22:13:17 ----D---- C:\ProgramData\IObit
2012-04-04 22:13:16 ----D---- C:\Program Files\IObit
2012-04-02 22:24:54 ----A---- C:\Windows\system32\drivers\AmdLLD.sys
2012-04-02 22:24:49 ----D---- C:\Program Files\AMD
2012-04-02 21:38:05 ----D---- C:\Windows\system32\QuickTime
2012-04-02 21:37:51 ----D---- C:\Program Files\QuickTime
2012-04-02 21:37:33 ----D---- C:\Program Files\Common Files\TechSmith Shared
2012-04-02 21:37:24 ----D---- C:\ProgramData\TechSmith
2012-04-01 19:06:16 ----D---- C:\Windows\Minidump
2012-03-31 22:39:32 ----D---- C:\Program Files\Ubisoft
2012-03-31 21:16:58 ----D---- C:\Program Files\HyperLobby client
2012-03-30 17:06:28 ----D---- C:\ProgramData\ATI
2012-03-30 17:06:24 ----D---- C:\Program Files\AMD AVT
2012-03-30 17:06:21 ----D---- C:\Program Files\AMD APP
2012-03-29 19:58:26 ----D---- C:\ProgramData\Mozilla
2012-03-29 19:58:25 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-03-28 20:22:15 ----A---- C:\Windows\system32\drivers\cpuz135_x32.sys
2012-03-28 20:22:14 ----D---- C:\Program Files\CPUID
2012-03-28 16:12:40 ----A---- C:\Windows\eReg.dat
2012-03-26 19:58:09 ----D---- C:\Users\Karel\AppData\Roaming\Stellarium
2012-03-26 19:57:08 ----D---- C:\Program Files\Stellarium
2012-03-26 14:51:17 ----D---- C:\ProgramData\Age of Empires 3
2012-03-25 16:03:13 ----D---- C:\Users\Karel\AppData\Roaming\Malwarebytes
2012-03-25 16:02:47 ----D---- C:\ProgramData\Malwarebytes
2012-03-25 16:02:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-24 14:41:21 ----D---- C:\Program Files\Ziegler-Tools
2012-03-24 01:23:32 ----D---- C:\Program Files\Widelands
2012-03-23 17:22:05 ----D---- C:\Program Files\Microsoft WSE
2012-03-22 00:03:34 ----D---- C:\Program Files\HyperCam 2
2012-03-21 20:04:20 ----D---- C:\Windows\Sun
2012-03-21 01:05:21 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2012-03-21 01:05:08 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2012-03-20 20:46:06 ----A---- C:\wepkeys.txt
2012-03-19 17:19:15 ----D---- C:\Program Files\CrystalDiskInfo
2012-03-19 15:37:35 ----D---- C:\ProgramData\Hewlett-Packard
2012-03-19 00:55:38 ----D---- C:\Windows\pss

======List of files/folders modified in the last 1 month======

2012-04-18 19:29:49 ----D---- C:\Program Files\trend micro
2012-04-18 19:28:50 ----SHD---- C:\System Volume Information
2012-04-18 19:28:10 ----D---- C:\Users\Karel\AppData\Roaming\Azureus
2012-04-18 19:28:10 ----D---- C:\ProgramData\LogMeIn
2012-04-18 19:28:09 ----D---- C:\Windows\System32
2012-04-18 19:28:09 ----D---- C:\Windows\inf
2012-04-18 19:28:08 ----D---- C:\Windows
2012-04-18 19:27:30 ----D---- C:\Windows\system32\config
2012-04-18 19:27:24 ----D---- C:\Users\Karel\AppData\Roaming\Skype
2012-04-18 19:27:05 ----D---- C:\Windows\system32\catroot2
2012-04-18 19:26:47 ----D---- C:\ProgramData\BOINC
2012-04-18 19:26:40 ----A---- C:\Users\Karel\AppData\Roaming\PStrip.ini
2012-04-18 18:42:58 ----D---- C:\Windows\system32\drivers
2012-04-18 18:39:50 ----A---- C:\Users\Karel\AppData\Roaming\PStrip.bak
2012-04-18 18:39:49 ----A---- C:\Windows\system.ini
2012-04-18 18:39:34 ----D---- C:\Windows\system32\drivers\etc
2012-04-18 18:34:02 ----D---- C:\Windows\AppPatch
2012-04-18 18:34:00 ----D---- C:\Program Files\Common Files
2012-04-18 18:12:00 ----D---- C:\Windows\Tasks
2012-04-18 18:03:00 ----D---- C:\Program Files
2012-04-18 17:23:45 ----D---- C:\Users\Karel\AppData\Roaming\.minecraft
2012-04-18 17:16:56 ----D---- C:\Windows\SoftwareDistribution
2012-04-18 17:13:36 ----SHD---- C:\Windows\Installer
2012-04-18 08:11:44 ----D---- C:\ProgramData
2012-04-17 22:22:33 ----D---- C:\Users\Karel\AppData\Roaming\TS3Client
2012-04-17 22:22:32 ----D---- C:\Windows\Logs
2012-04-17 22:22:32 ----D---- C:\Windows\debug
2012-04-16 20:42:02 ----D---- C:\Windows\Prefetch
2012-04-16 18:33:26 ----RSD---- C:\Windows\assembly
2012-04-16 18:30:16 ----HD---- C:\Program Files\InstallShield Installation Information
2012-04-15 22:56:43 ----RSD---- C:\Windows\Fonts
2012-04-15 12:02:49 ----D---- C:\Program Files\SpeedFan
2012-04-14 19:14:39 ----D---- C:\Windows\system32\Tasks
2012-04-13 16:02:04 ----D---- C:\Program Files\Google
2012-04-12 23:47:11 ----D---- C:\Windows\Microsoft.NET
2012-04-12 16:01:34 ----D---- C:\Windows\winsxs
2012-04-12 15:59:23 ----D---- C:\Windows\system32\migration
2012-04-12 15:59:22 ----D---- C:\Program Files\Internet Explorer
2012-04-12 15:52:34 ----D---- C:\Windows\system32\catroot
2012-04-12 15:51:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-12 15:48:48 ----A---- C:\Windows\system32\MRT.exe
2012-04-09 14:25:31 ----D---- C:\Windows\system32\world
2012-04-09 14:24:55 ----A---- C:\Windows\system32\white-list.txt
2012-04-09 14:24:55 ----A---- C:\Windows\system32\ops.txt
2012-04-09 14:24:55 ----A---- C:\Windows\system32\banned-players.txt
2012-04-09 14:24:55 ----A---- C:\Windows\system32\banned-ips.txt
2012-04-09 14:20:35 ----D---- C:\Windows\system32\world_the_end
2012-04-09 14:20:35 ----D---- C:\Windows\system32\world_nether
2012-04-02 22:25:00 ----D---- C:\Windows\system32\DriverStore
2012-04-02 22:17:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-04-02 22:17:13 ----D---- C:\Program Files\Adobe
2012-04-02 18:34:00 ----D---- C:\Program Files\BOINC
2012-03-30 17:06:25 ----D---- C:\ProgramData\AMD
2012-03-30 17:05:55 ----D---- C:\Program Files\ATI Technologies
2012-03-30 16:49:56 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-03-30 16:47:36 ----D---- C:\Program Files\Opera
2012-03-29 19:58:31 ----D---- C:\Program Files\Mozilla Firefox
2012-03-28 17:31:23 ----D---- C:\Users\Karel\AppData\Roaming\TortoiseSVN
2012-03-24 17:35:12 ----D---- C:\Users\Karel\AppData\Roaming\Winamp
2012-03-24 17:35:12 ----D---- C:\Users\Karel\AppData\Roaming\Media Player Classic
2012-03-21 12:31:58 ----D---- C:\Windows\rescache
2012-03-21 01:05:21 ----DC---- C:\Windows\system32\DRVSTORE
2012-03-20 00:21:41 ----D---- C:\Users\Karel\AppData\Roaming\Sony
2012-03-19 08:54:23 ----D---- C:\Program Files\LogMeIn

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 14392]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 44376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-03-14 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-14 91952]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [2011-09-21 21992]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2011-09-16 47640]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 PStrip;PStrip; C:\Windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-03-09 9183232]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-03-09 265216]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-18 2752352]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2011-09-16 10144]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-08-01 40936]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-14 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-14 116016]
S2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 100352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 DrvAgent32;DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [2012-02-04 23456]
S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2011-07-29 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2011-07-29 8456]
S3 FlashUSB;Flash Loader utility driver; C:\Windows\System32\Drivers\FlashUSB.sys [2008-01-25 15453]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2012-03-14 82736]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vsbus;Virtual Serial Bus Enumerator; C:\Windows\system32\DRIVERS\vsb.sys [2008-07-24 15264]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\Windows\System32\DRIVERS\vserial.sys [2008-07-24 47744]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-03-09 163328]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 291840]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2012-03-14 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2012-03-14 136584]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2011-09-16 390528]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Adobe Licensing Console;Adobe Licensing Console; C:\Windows\system32\mrvcl32.exe [2011-12-31 819729]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SkypeUpdate;Skype Updater; C:\Users\Karel\Desktop\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-29 129976]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-20 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
The computer runs absolutely beautifully; I haven't found any problems so far.

Re: Blue screen and Rootkit

Posted: 18 Apr 2012 19:26
by vyosek
:arrow: Manually delete this folder: C:\TDSSKiller_Quarantine

:arrow: Otherwise the log is OK :|