Cannot start Security Center

tanhir
Visitor
Posts: 3
Registered: 22 Nov 2007 10:20

Cannot start Security Center

#1 Post by tanhir »

So I have run into this problem too; I found it here several times in other threads. I am attaching the RSIT log. Thanks for your help.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Libor at 2011-06-30 18:37:57
Microsoft Windows 7 Home Premium
System drive C: has 32 GB (32%) free of 100 GB
Total RAM: 4095 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:38:11, on 30.6.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Libor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14597&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Unknown owner - C:\Windows\system32\pr2akt6c.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7276 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\runservice.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000654
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
\??\C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\UAService7.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 292
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Libor\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-20 7981088]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"PC Suite for Smartphones"=C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [2007-12-25 548864]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-06-16 259072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Pro Cycling Manager 2007\PCM.exe"="D:\Pro Cycling Manager 2007\PCM.exe:*:Enabled:Pro Cycling Manager 2007"
"C:\Program Files (x86)\Pro Cycling Manager 2007\PCM.exe"="C:\Program Files (x86)\Pro Cycling Manager 2007\PCM.exe:*:Enabled:Pro Cycling Manager 2007"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-06-30 18:37:57 ----D---- C:\rsit
2011-06-30 18:37:57 ----D---- C:\Program Files\trend micro
2011-06-30 18:18:37 ----D---- C:\Users\Libor\AppData\Roaming\Malwarebytes
2011-06-30 18:17:30 ----D---- C:\ProgramData\Malwarebytes
2011-06-30 18:17:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-06-30 17:52:25 ----A---- C:\ComboFix.txt
2011-06-30 17:48:36 ----D---- C:\$RECYCLE.BIN
2011-06-30 17:41:47 ----D---- C:\Windows\ERDNT
2011-06-30 13:39:31 ----D---- C:\Users\Libor\AppData\Roaming\Avira
2011-06-30 13:37:26 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-06-30 13:37:26 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-06-30 13:37:25 ----D---- C:\ProgramData\Avira
2011-06-30 13:37:25 ----D---- C:\Program Files (x86)\Avira
2011-06-30 13:31:10 ----HD---- C:\ProgramData\Common Files
2011-06-30 13:28:43 ----D---- C:\ProgramData\MFAData
2011-06-30 12:17:46 ----RASH---- C:\Windows\SYSWOW64\negoextsu.dll
2011-06-27 17:42:46 ----A---- C:\Windows\SYSWOW64\VB5DB.DLL
2011-06-27 17:18:26 ----D---- C:\Program Files (x86)\MSXML 4.0
2011-06-25 17:06:46 ----A---- C:\Windows\SYSWOW64\status.txt
2011-06-25 10:03:07 ----A---- C:\Windows\ntbtlog.txt
2011-06-24 13:20:40 ----D---- C:\Program Files\HP
2011-06-24 11:15:19 ----D---- C:\Program Files (x86)\Microsoft
2011-06-24 10:08:28 ----D---- C:\Users\Libor\AppData\Roaming\TweakNow RegCleaner 2011
2011-06-24 10:08:28 ----D---- C:\Program Files (x86)\TweakNow RegCleaner 2011
2011-06-23 10:17:47 ----D---- C:\Program Files (x86)\MSECACHE
2011-06-23 09:53:20 ----D---- C:\Windows\pss
2011-06-22 22:18:55 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2011-06-21 08:14:05 ----HD---- C:\Windows\AxInstSV
2011-06-20 19:27:53 ----D---- C:\Users\Libor\AppData\Roaming\Tunngle
2011-06-20 19:27:53 ----D---- C:\ProgramData\Tunngle
2011-06-20 19:27:49 ----A---- C:\Windows\system32\drivers\tap0901t.sys
2011-06-11 22:49:26 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-06-11 22:49:26 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-06-11 22:49:26 ----A---- C:\Windows\SYSWOW64\java.exe
2011-06-08 18:49:15 ----D---- C:\Windows\Sun
2011-06-04 14:48:18 ----D---- C:\ProgramData\Sony Corporation
2011-06-04 14:43:44 ----D---- C:\Users\Libor\AppData\Roaming\Sony Corporation
2011-06-04 14:39:21 ----D---- C:\Users\Libor\AppData\Roaming\InstallShield
2011-06-02 09:00:55 ----D---- C:\Program Files (x86)\NeoDownloader
2011-06-02 08:48:22 ----D---- C:\Users\Libor\AppData\Roaming\NeoDownloader
2011-06-01 22:03:23 ----D---- C:\Program Files (x86)\Mihov Picture Downloader

======List of files/folders modified in the last 1 months======

2011-06-30 18:37:57 ----RD---- C:\Program Files
2011-06-30 18:36:17 ----D---- C:\Windows\Temp
2011-06-30 18:31:29 ----SHD---- C:\Windows\Installer
2011-06-30 18:31:29 ----D---- C:\Program Files\Sony Ericsson
2011-06-30 18:31:29 ----D---- C:\Program Files (x86)
2011-06-30 18:31:29 ----D---- C:\Config.Msi
2011-06-30 18:28:01 ----D---- C:\Windows\SYSWOW64\drivers
2011-06-30 18:17:30 ----D---- C:\ProgramData
2011-06-30 18:17:26 ----D---- C:\Windows\system32\drivers
2011-06-30 18:16:40 ----D---- C:\Windows
2011-06-30 18:16:31 ----SHD---- C:\System Volume Information
2011-06-30 18:07:36 ----SD---- C:\Users\Libor\AppData\Roaming\Microsoft
2011-06-30 18:07:01 ----RSD---- C:\Windows\Fonts
2011-06-30 18:05:56 ----D---- C:\Windows\SysWOW64
2011-06-30 18:05:43 ----D---- C:\Program Files\Common Files
2011-06-30 18:05:37 ----D---- C:\Windows\inf
2011-06-30 18:04:38 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-06-30 18:04:26 ----D---- C:\Program Files (x86)\HP
2011-06-30 18:03:50 ----D---- C:\Program Files (x86)\CD to MP3 Freeware
2011-06-30 18:02:55 ----D---- C:\Program Files (x86)\Common Files
2011-06-30 18:02:07 ----D---- C:\Program Files (x86)\Adobe
2011-06-30 18:00:57 ----D---- C:\ProgramData\Adobe
2011-06-30 17:57:14 ----D---- C:\Windows\system32\DriverStore
2011-06-30 17:57:14 ----D---- C:\Windows\system32\catroot
2011-06-30 17:56:04 ----D---- C:\Windows\twain_32
2011-06-30 17:51:10 ----D---- C:\Windows\system32\Tasks
2011-06-30 17:51:08 ----D---- C:\Windows\Tasks
2011-06-30 17:48:53 ----A---- C:\Windows\system.ini
2011-06-30 17:48:30 ----D---- C:\Windows\system32\drivers\etc
2011-06-30 17:45:09 ----D---- C:\Windows\System32
2011-06-30 17:45:09 ----D---- C:\Windows\AppPatch
2011-06-30 17:42:19 ----D---- C:\Windows\Prefetch
2011-06-30 13:27:52 ----HD---- C:\Windows\system32\GroupPolicy
2011-06-30 13:01:20 ----D---- C:\Users\Libor\AppData\Roaming\uTorrent
2011-06-30 12:41:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-30 11:31:28 ----D---- C:\Users\Libor\AppData\Roaming\Adobe
2011-06-30 11:25:29 ----D---- C:\Windows\Minidump
2011-06-29 22:58:44 ----D---- C:\ProgramData\Skype Extras
2011-06-29 21:37:17 ----D---- C:\Users\Libor\AppData\Roaming\Skype
2011-06-29 21:00:01 ----D---- C:\Users\Libor\AppData\Roaming\skypePM
2011-06-29 20:06:21 ----D---- C:\Program Files (x86)\Microsoft Office
2011-06-29 17:42:21 ----D---- C:\Windows\system32\config
2011-06-27 18:07:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-06-27 17:17:28 ----D---- C:\Windows\system32\catroot2
2011-06-26 13:42:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-06-25 10:15:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-06-25 10:15:42 ----SD---- C:\ProgramData\Microsoft
2011-06-25 10:14:47 ----RSD---- C:\Windows\assembly
2011-06-25 10:07:09 ----RD---- C:\Users
2011-06-24 13:35:40 ----D---- C:\Users\Libor\AppData\Roaming\vlc
2011-06-24 13:27:37 ----A---- C:\Windows\win.ini
2011-06-24 13:23:29 ----D---- C:\ProgramData\HP
2011-06-24 09:56:45 ----D---- C:\ProgramData\Shark007
2011-06-24 09:41:13 ----D---- C:\Windows\Logs
2011-06-24 00:01:29 ----D---- C:\Program Files\Common Files\Adobe
2011-06-23 23:58:32 ----D---- C:\Users\Libor\AppData\Roaming\TS3Client
2011-06-23 23:57:07 ----D---- C:\Windows\debug
2011-06-22 23:32:41 ----D---- C:\ProgramData\NVIDIA
2011-06-22 23:32:41 ----D---- C:\ProgramData\Kaspersky Lab
2011-06-22 22:55:14 ----D---- C:\Program Files (x86)\Foxit Software
2011-06-22 22:18:55 ----DC---- C:\Windows\system32\DRVSTORE
2011-06-19 23:36:59 ----D---- C:\Users\Libor\AppData\Roaming\dvdcss
2011-06-15 18:19:03 ----D---- C:\Windows\Microsoft.NET
2011-06-15 14:57:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-06-15 14:55:37 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-06-15 13:32:49 ----A---- C:\Windows\system32\MRT.exe
2011-06-15 13:32:43 ----D---- C:\ProgramData\Microsoft Help
2011-06-13 20:48:24 ----D---- C:\ProgramData\Codemasters
2011-06-11 22:49:21 ----D---- C:\Program Files (x86)\Java
2011-06-08 21:53:38 ----D---- C:\ProgramData\DVD Shrink
2011-06-08 10:59:35 ----D---- C:\Program Files (x86)\ParadisePoker
2011-06-07 09:15:08 ----A---- C:\Windows\system32\wrap_oal.dll
2011-06-07 09:15:08 ----A---- C:\Windows\system32\OpenAL32.dll
2011-06-07 09:15:07 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2011-06-07 09:15:07 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2011-06-04 21:04:04 ----D---- C:\Users\Libor\AppData\Roaming\Sports Interactive
2011-06-04 15:01:17 ----D---- C:\Program Files (x86)\Sony
2011-06-03 17:40:46 ----D---- C:\Program Files (x86)\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 ps7akt6c;Cycling Manager 2007 Synchronization Driver (ps7akt6c); C:\Windows\system32\drivers\ps7akt6c.sys [2007-09-28 102544]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-24 834544]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-06-30 123784]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 188928]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-06-30 88288]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-20 1831968]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys []
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S3 aday20h9;aday20h9; C:\Windows\system32\drivers\aday20h9.sys []
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS [2009-08-25 35840]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-16 6112672]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
S3 Pcouffin64;Low level access layer for CD devices; C:\Windows\System32\Drivers\pcouffin64a.sys [2011-01-18 55136]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 36352]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-06-30 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2010-06-07 16384]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 UserAccess7;SecuROM User Access Service (V7); C:\Windows\syswow64\UAService7.exe [2010-06-18 217088]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c); C:\Windows\system32\pr2akt6c.exe [2007-09-28 777608]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Cannot start Security Center

#2 Post by Rudy »

Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after startup a screen with the license terms is displayed; continue by clicking the Yes button.

feel free to put the kettle on for coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur

tanhir
Visitor
Posts: 3
Registered: 22 Nov 2007 10:20

Re: Cannot start Security Center

#3 Post by tanhir »

ComboFix 11-06-30.02 - Libor 30.06.2011 19:37:08.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2723 [GMT 2:00]
Spuštěný z: c:\users\Libor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Možné infikované stránky -----
.
hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-28 do 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 17:40 . 2011-06-30 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 16:37 . 2011-06-30 16:38 -------- d-----w- C:\rsit
2011-06-30 16:37 . 2011-06-30 16:38 -------- d-----w- c:\program files\trend micro
2011-06-30 16:18 . 2011-06-30 16:18 -------- d-----w- c:\users\Libor\AppData\Roaming\Malwarebytes
2011-06-30 16:17 . 2011-06-30 16:17 -------- d-----w- c:\programdata\Malwarebytes
2011-06-30 16:17 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 11:39 . 2011-06-30 11:39 -------- d-----w- c:\users\Libor\AppData\Roaming\Avira
2011-06-30 11:37 . 2011-06-30 14:04 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 11:37 . 2011-06-30 14:04 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-30 11:37 . 2011-06-30 11:37 -------- d-----w- c:\programdata\Avira
2011-06-30 11:37 . 2011-06-30 11:37 -------- d-----w- c:\program files (x86)\Avira
2011-06-30 11:31 . 2011-06-30 11:31 -------- d--h--w- c:\programdata\Common Files
2011-06-30 11:28 . 2011-06-30 11:31 -------- d-----w- c:\programdata\MFAData
2011-06-30 10:17 . 2011-06-30 10:17 155648 --sha-r- c:\windows\SysWow64\negoextsu.dll
2011-06-29 07:30 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2ED1DD2-CE7B-4D39-97B2-098B01F51CF1}\mpengine.dll
2011-06-27 15:42 . 1998-06-18 02:00 89360 ----a-w- c:\windows\SysWow64\VB5DB.DLL
2011-06-27 15:18 . 2011-06-27 15:18 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-06-26 11:42 . 2011-06-26 11:42 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-26 11:42 . 2011-06-26 11:42 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-25 08:07 . 2011-06-25 08:07 -------- d-----w- c:\users\vudce
2011-06-24 11:22 . 2011-06-24 11:22 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-06-24 11:20 . 2011-06-24 11:20 -------- d-----w- c:\program files\HP
2011-06-24 09:15 . 2011-06-24 09:20 -------- d-----w- c:\program files (x86)\Microsoft
2011-06-24 09:06 . 2011-06-24 09:06 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-06-24 08:08 . 2011-06-30 16:07 -------- d-----w- c:\users\Libor\AppData\Roaming\TweakNow RegCleaner 2011
2011-06-24 08:08 . 2011-06-30 16:07 -------- d-----w- c:\program files (x86)\TweakNow RegCleaner 2011
2011-06-23 08:17 . 2011-06-30 16:07 -------- d-----w- c:\program files (x86)\MSECACHE
2011-06-22 21:28 . 2011-06-22 21:28 -------- d-----w- c:\users\Libor\AppData\Local\VS Revo Group
2011-06-22 20:18 . 2010-09-22 22:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-06-22 07:54 . 2011-06-22 10:48 -------- d-----w- c:\users\Libor\AppData\Local\VirtuaTennis2009
2011-06-21 06:14 . 2011-06-21 06:14 -------- d--h--w- c:\windows\AxInstSV
2011-06-20 17:27 . 2011-06-21 15:01 -------- d-----w- c:\programdata\Tunngle
2011-06-20 17:27 . 2011-06-21 10:46 -------- d-----w- c:\users\Libor\AppData\Roaming\Tunngle
2011-06-20 17:27 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2011-06-16 11:47 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-15 13:00 . 2011-06-15 13:00 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2B09046-33F5-42AB-8D5F-38ED087E4AB5}\gapaengine.dll
2011-06-14 08:30 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB29FB33-A18C-4628-83DB-F21BFEE59776}\mpengine.dll
2011-06-11 20:49 . 2011-06-11 20:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-08 16:49 . 2011-06-08 16:49 -------- d-----w- c:\windows\Sun
2011-06-04 12:48 . 2011-06-04 12:48 -------- d-----w- c:\programdata\Sony Corporation
2011-06-04 12:43 . 2011-06-04 12:43 -------- d-----w- c:\users\Libor\AppData\Roaming\Sony Corporation
2011-06-04 12:39 . 2011-06-04 12:39 -------- d-----w- c:\users\Libor\AppData\Roaming\InstallShield
2011-06-02 07:00 . 2011-06-02 07:00 -------- d-----w- c:\program files (x86)\NeoDownloader
2011-06-02 06:48 . 2011-06-02 07:00 -------- d-----w- c:\users\Libor\AppData\Roaming\NeoDownloader
2011-06-01 20:03 . 2011-06-02 06:45 -------- d-----w- c:\program files (x86)\Mihov Picture Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 07:15 . 2010-12-24 11:25 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-07 07:15 . 2010-12-24 11:25 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-07 07:15 . 2010-12-24 11:25 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-06-07 07:15 . 2010-12-24 11:25 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-05-04 02:52 . 2010-05-16 12:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2009-09-08 14:48 64735 --sha-r- c:\windows\ConfigSetRoot\command.com
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PC Suite for Smartphones"="c:\program files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);c:\windows\system32\pr2akt6c.exe svc [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\Drivers\pcouffin64a.sys [x]
S0 ps7akt6c;Cycling Manager 2007 Synchronization Driver (ps7akt6c);c:\windows\system32\drivers\ps7akt6c.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-06-07 16384]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://eu.ask.com?o=14597&l=dis
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Libor\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.h\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.9&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-MsMpSvc
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\UAService7.exe
.
**************************************************************************
.
Celkový čas: 2011-06-30 19:46:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-30 17:46
ComboFix2.txt 2011-06-30 15:52
.
Před spuštěním: Volných bajtů: 33 030 344 704
Po spuštění: Volných bajtů: 32 961 630 208
.
- - End Of File - - A8637A74011CA77F8590AFBE603EE3AF

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Cannot start the Security Center

#4 Post by Rudy »

CF deleted several infected items; the rest of the log looks clean. Has anything changed?

tanhir
Visitor
Posts: 3
Joined: 22 Nov 2007 10:20

Re: Cannot start the Security Center

#5 Post by tanhir »

It seems everything is fine. Thank you. :worship:

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Cannot start the Security Center

#6 Post by Rudy »

You're welcome! :)