PC virus removal, computer speed-up, remote help via the neslape.cz service

Requesting a preventive check

You have no problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

tantal69
Visitor
Posts: 23
Registered: 12 Sep 2011 15:29


#1 Post by tantal69 »

Requesting a preventive check, please. Thank you.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Mato at 2011-09-12 19:21:26
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 49 GB (49%) free of 100 GB
Total RAM: 2039 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:21:42, on 12. 9. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ZSSnp211.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Domino.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Allway Sync\Bin\syncappw.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Downloads\RSIT (4).exe
C:\Program Files\trend micro\Mato.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ArchiBar Toolbar - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Program Files\ArchiBar\tbArch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ArchiBar Toolbar - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Program Files\ArchiBar\tbArch.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ArchiBar Toolbar - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Program Files\ArchiBar\tbArch.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird" -turbo
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - file:///C:/Users/Mato/Desktop/GOPAS/overview/shock/swinst.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: CMDUBTHCJT - Unknown owner - C:\Users\Mato\AppData\Local\Temp\CMDUBTHCJT.exe (file missing)
O23 - Service: DRFIVHZM - Unknown owner - C:\Users\Mato\AppData\Local\Temp\DRFIVHZM.exe (file missing)
O23 - Service: EBZZWRCDX - Unknown owner - C:\Users\Mato\AppData\Local\Temp\EBZZWRCDX.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Smart Security\EShaSrv.exe
O23 - Service: EXJGN - Unknown owner - C:\Users\Mato\AppData\Local\Temp\EXJGN.exe (file missing)
O23 - Service: EZVMN - Unknown owner - C:\Users\Mato\AppData\Local\Temp\EZVMN.exe (file missing)
O23 - Service: FFIG - Unknown owner - C:\Users\Mato\AppData\Local\Temp\FFIG.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IRBXDQSBZOT - Unknown owner - C:\Users\Mato\AppData\Local\Temp\IRBXDQSBZOT.exe (file missing)
O23 - Service: KFKEWR - Unknown owner - C:\Users\Mato\AppData\Local\Temp\KFKEWR.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: WNGVJMGHMENI - Unknown owner - C:\Users\Mato\AppData\Local\Temp\WNGVJMGHMENI.exe (file missing)
O23 - Service: XOPZRVBQ - Unknown owner - C:\Users\Mato\AppData\Local\Temp\XOPZRVBQ.exe (file missing)

--
End of file - 12146 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\4i4908cv.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "chrome://speeddial/content/speeddial.xul"
prefs.js - "extensions.enabledItems" - "{64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9, {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1, ietab@ip.cn:1.95.20100933, smarterwiki@wikiatic.com:4.1.8, allglassv2@ambroos.neowin.net:2.1.4, firegestures@xuldev.org:1.6.1, bkmrksync@nokia.com:1.0.0.732, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {64D9B72C-E42A-490e-9181-221E1E035A14}:14.0.0.3453, extension@openitonline.com:3.0, amin.eft_Shutdown@gmail.com:3.6.2D, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}:1.1.95.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, nasanightlaunch@example.com:0.6.20101009"
prefs.js - "keyword.URL" - "http://www.google.sk/search?hl=sk&lr=la ... ang_1sk&q="

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npFoxitReaderPlugin.dll
npganymedenet.dll
npganymedenet.xpt
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npyaxmpb.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\4i4908cv.default\extensions\
amin.eft_Shutdown@gmail.com
ietab@ip.cn
maps@ovi.com
ozymandias@securityheroes.com
{37E4D8EA-8BDA-4831-8EA1-89053939A250}
{64D9B72C-E42A-490e-9181-221E1E035A14}
{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
{b68dfae5-1903-4a03-8094-c973bf7e483e}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
ArchiBar Toolbar - C:\Program Files\ArchiBar\tbArch.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{24cc1362-11c6-4918-a2c0-b9ee5a563185} - ArchiBar Toolbar - C:\Program Files\ArchiBar\tbArch.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"ZSSnp211"=C:\Windows\ZSSnp211.exe [2007-04-06 57344]
"Domino"=C:\Windows\Domino.exe [2006-08-18 49152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2011-03-25 64112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-06-03 2734184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"=C:\Program Files\Mozilla Thunderbird\thunderbird -turbo []
"Google Update"=C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2010-03-16 718208]
"Allway Sync"=C:\Program Files\Allway Sync\Bin\syncappw.exe [2011-07-20 94120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-06-06 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
C:\Program Files\Sandboxie\SbieCtrl.exe [2010-07-04 398568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
C:\PROGRA~1\Stardock\OBJECT~3\OBJECT~1.EXE [2010-10-12 4142448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

C:\Users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
TB-Tray.lnk - C:\Program Files\Thunderbird-Tray\TBTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll [2010-03-24 511344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=i420vfw.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll
"vidc.DIVX"=DivX.dll
"VIDC.FPS1"=frapsvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-09-12 19:01:01 ----D---- C:\ProgramData\ESET
2011-09-08 22:45:36 ----D---- C:\Program Files\trend micro
2011-09-08 22:45:34 ----D---- C:\rsit
2011-09-07 21:27:11 ----D---- C:\ProgramData\Apple Computer
2011-09-07 21:27:03 ----A---- C:\Windows\system32\QTCF.dll
2011-09-07 21:26:55 ----D---- C:\Program Files\QT Lite
2011-09-05 19:52:08 ----D---- C:\Users\Mato\AppData\Roaming\Sync App Settings
2011-09-05 19:49:50 ----D---- C:\ProgramData\Sync App Settings
2011-09-05 19:49:17 ----D---- C:\Program Files\Allway Sync
2011-09-05 19:07:40 ----D---- C:\Users\Mato\AppData\Roaming\AutomaticUSBBackup
2011-08-29 20:11:10 ----D---- C:\Users\Mato\AppData\Roaming\Android
2011-08-29 18:26:54 ----D---- C:\Sign+_v1.2.2
2011-08-29 18:02:58 ----D---- C:\apkPack
2011-08-29 18:02:57 ----D---- C:\apkEdit
2011-08-28 20:03:59 ----D---- C:\Program Files\Totato
2011-08-28 18:43:58 ----D---- C:\xdaAutoTool
2011-08-28 18:07:32 ----D---- C:\Program Files\Potato
2011-08-28 14:55:07 ----D---- C:\Program Files\CamStudio 2.6b
2011-08-28 14:55:07 ----A---- C:\Windows\system32\CamCodec.dll
2011-08-24 21:27:28 ----A---- C:\Windows\system32\tzres.dll
2011-08-17 18:22:37 ----D---- C:\Users\Mato\AppData\Roaming\Dropbox
2011-08-16 21:33:31 ----D---- C:\Program Files\Common Files\PCSuite
2011-08-16 21:33:29 ----D---- C:\Program Files\Common Files\Nokia
2011-08-16 21:33:12 ----A---- C:\Windows\system32\drivers\pccsmcfd.sys
2011-08-16 21:32:54 ----D---- C:\Program Files\PC Connectivity Solution
2011-08-16 21:31:40 ----D---- C:\Program Files\Nokia
2011-08-16 20:45:30 ----A---- C:\Windows\system32\drivers\k510whnt.sys
2011-08-16 20:45:30 ----A---- C:\Windows\system32\drivers\k510wh.sys
2011-08-16 20:45:30 ----A---- C:\Windows\system32\drivers\k510obex.sys
2011-08-16 20:45:29 ----A---- C:\Windows\system32\drivers\k510mgmt.sys
2011-08-16 20:45:29 ----A---- C:\Windows\system32\drivers\k510mdm.sys
2011-08-16 20:45:29 ----A---- C:\Windows\system32\drivers\k510mdfl.sys
2011-08-16 20:45:29 ----A---- C:\Windows\system32\drivers\k510cmnt.sys
2011-08-16 20:45:29 ----A---- C:\Windows\system32\drivers\k510cm.sys
2011-08-16 20:45:29 ----A---- C:\Windows\system32\drivers\k510bus.sys
2011-08-14 20:21:32 ----D---- C:\Program Files\MiniTool Partition Wizard Home Edition 6.0

======List of files/folders modified in the last 1 month======

2011-09-12 19:20:33 ----D---- C:\Users\Mato\AppData\Roaming\FileZilla
2011-09-12 19:19:47 ----D---- C:\Windows\Minidump
2011-09-12 19:19:47 ----D---- C:\Windows\debug
2011-09-12 19:19:47 ----AD---- C:\Windows
2011-09-12 19:19:10 ----D---- C:\Windows\Temp
2011-09-12 19:16:01 ----D---- C:\Windows\system32\config
2011-09-12 19:04:52 ----SHD---- C:\Windows\Installer
2011-09-12 19:03:40 ----D---- C:\Windows\system32\drivers
2011-09-12 19:03:36 ----D---- C:\Windows\inf
2011-09-12 19:03:33 ----D---- C:\Windows\system32\catroot
2011-09-12 19:03:32 ----D---- C:\Windows\system32\DriverStore
2011-09-12 19:03:17 ----D---- C:\Windows\system32\catroot2
2011-09-12 19:01:01 ----HD---- C:\ProgramData
2011-09-12 18:50:34 ----D---- C:\ProgramData\VMware
2011-09-12 18:26:56 ----D---- C:\Users\Mato\AppData\Roaming\MyPhoneExplorer
2011-09-11 19:55:10 ----SHD---- C:\System Volume Information
2011-09-08 22:45:36 ----RD---- C:\Program Files
2011-09-08 21:53:31 ----D---- C:\Program Files\Mozilla Firefox
2011-09-08 16:37:28 ----D---- C:\Windows\System32
2011-09-08 16:37:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-08 16:04:13 ----D---- C:\Program Files\Mozilla Thunderbird
2011-09-07 22:12:17 ----D---- C:\Users\Mato\AppData\Roaming\.purple
2011-09-07 21:26:49 ----D---- C:\Windows\winsxs
2011-09-06 20:47:16 ----D---- C:\ProgramData\boost_interprocess
2011-09-06 15:56:35 ----D---- C:\Windows\Prefetch
2011-09-04 20:59:38 ----D---- C:\Program Files\FileZilla FTP Client
2011-08-31 17:39:21 ----D---- C:\Windows\rescache
2011-08-30 20:51:11 ----D---- C:\Program Files\Cyklotrasy SK
2011-08-28 20:51:18 ----RSD---- C:\Windows\assembly
2011-08-28 20:51:18 ----D---- C:\Windows\Microsoft.NET
2011-08-24 22:09:51 ----D---- C:\Windows\system32\sk-SK
2011-08-22 18:59:40 ----D---- C:\Program Files\Pidgin
2011-08-21 22:19:20 ----D---- C:\Users\Mato\AppData\Roaming\gtk-2.0
2011-08-20 09:46:26 ----D---- C:\Users\Mato\AppData\Roaming\Mozilla
2011-08-16 21:35:23 ----D---- C:\Windows\system32\drivers\UMDF
2011-08-16 21:33:31 ----D---- C:\Program Files\Common Files
2011-08-16 21:33:12 ----DC---- C:\Windows\system32\DRVSTORE
2011-08-16 21:30:51 ----D---- C:\ProgramData\Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-06-03 50624]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-25 691696]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-17 218688]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-06-03 118104]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-06-03 33656]
R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2011-07-11 54776]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-06-03 162912]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-06-03 147480]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-03-25 32368]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2011-03-25 70768]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2011-03-25 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2011-03-25 26352]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2011-03-25 854256]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 22448]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-12-12 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-12-12 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-12 16168]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-14 211456]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2010-07-04 119016]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2011-03-25 24688]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2011-03-25 16560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 Andbus;LGE Android Platform Composite USB Device; C:\Windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
S3 AndDiag;LGE Android Platform USB Serial Port; C:\Windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\Windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
S3 ANDModem;LGE Android Platform USB Modem; C:\Windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\lgandadb.sys [2010-08-02 25728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\Windows\system32\DRIVERS\k510bus.sys [2005-10-07 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k510mdfl.sys [2005-10-07 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\k510mdm.sys [2005-10-07 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\k510mgmt.sys [2005-10-07 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\k510obex.sys [2005-10-07 83344]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\Windows\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2011-05-06 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2011-05-06 11104]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\Windows\system32\DRIVERS\sea1bus.sys [2006-11-20 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\sea1mdfl.sys [2006-11-20 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\sea1mdm.sys [2006-11-20 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\sea1mgmt.sys [2006-11-20 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\Windows\system32\DRIVERS\sea1nd5.sys [2006-11-20 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\sea1obex.sys [2006-11-20 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\Windows\system32\DRIVERS\sea1unic.sys [2006-11-20 90800]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-03-25 31280]
S3 vvftav211;vvftav211; C:\Windows\system32\drivers\vvftav211.sys [2007-12-10 480128]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-06-03 974944]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2011-07-11 53016]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2010-07-04 75496]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 9216]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2011-03-25 113264]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2011-03-25 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2011-03-25 404080]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-09 148832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-02-08 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CMDUBTHCJT;CMDUBTHCJT; C:\Users\Mato\AppData\Local\Temp\CMDUBTHCJT.exe []
S3 DRFIVHZM;DRFIVHZM; C:\Users\Mato\AppData\Local\Temp\DRFIVHZM.exe []
S3 EBZZWRCDX;EBZZWRCDX; C:\Users\Mato\AppData\Local\Temp\EBZZWRCDX.exe []
S3 ESHASRV;ESET SHA Service; C:\Program Files\ESET\ESET Smart Security\EShaSrv.exe [2011-06-03 183904]
S3 EXJGN;EXJGN; C:\Users\Mato\AppData\Local\Temp\EXJGN.exe []
S3 EZVMN;EZVMN; C:\Users\Mato\AppData\Local\Temp\EZVMN.exe []
S3 FFIG;FFIG; C:\Users\Mato\AppData\Local\Temp\FFIG.exe []
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
S3 IRBXDQSBZOT;IRBXDQSBZOT; C:\Users\Mato\AppData\Local\Temp\IRBXDQSBZOT.exe []
S3 KFKEWR;KFKEWR; C:\Users\Mato\AppData\Local\Temp\KFKEWR.exe []
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#2 Post by vyosek »

Hello, and I wish you a pleasant evening :)

:arrow: Please also post the second RSIT log, named info.txt; it is saved in c:\rsit
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment: take a whip and a stick to him, for he is no man, he is an ox."
Member [image] since 1 February 2011.

tantal69
Visitor
Posts: 23
Registered: 12 Sep 2011 15:29

Re: Requesting a preventive check

#3 Post by tantal69 »

Thank you, likewise

Here is the log


info.txt logfile of random's system information tool 1.09 2011-09-08 22:46:33

======Uninstall list======

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe PageMaker 7.0-->C:\Windows\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.dll"
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader X (10.1.0) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Aktualizácia balíka Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-041B-0000-0000000FF1CE}" "{BE9C0C61-3961-4E01-8A95-4AA451983590}" "1051" "0"
Allway Sync version 11.3.11-->"C:\Program Files\Allway Sync\unins000.exe"
Any Video Converter 3.2.7-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
AppInventor Setup-->C:\Program Files\AppInventor\commands-for-Appinventor\uninstall.exe
ArchiBar Toolbar-->C:\PROGRA~1\ArchiBar\UNWISE.EXE /U C:\PROGRA~1\ArchiBar\INSTALL.LOG
ArchiCAD 13 CZE-->C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\uninstaller.exe
ArchiCAD 14 CZE-->C:\Program Files\Graphisoft\ArchiCAD 14\Uninstall.AC\uninstaller.exe
Artlantis Studio 3.0.2-->C:\Program Files\Artlantis Studio 3\uninst.exe
Artlantis Studio 3-->MsiExec.exe /I{5C8F7549-334F-4119-8CAC-03F1815B56C1}
Aspell Slovak Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5-->MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
CamStudio OSS Desktop Recorder-->"C:\Program Files\CamStudio 2.6b\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{06C723B9-ADF5-42BC-B949-D14D6C6628B9}" "1051" "0"
DiffMerge 1.0.6-->"C:\Program Files\Potato\DiffMerge\unins000.exe"
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EVEREST Ultimate Edition v5.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FileZilla Client 3.5.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
floAt's Mobile Agent 2-->"C:\Program Files\FMA 2\unins000.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
GIMP 2.4.7-->"D:\GIMP-2.0\setup\unins000.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
Google Earth Connections AC13 INT-->C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.GE\uninstaller.exe
Google Earth-->MsiExec.exe /X{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
Google SketchUp 7-->MsiExec.exe /I{BEF106F8-2689-4530-925A-E1117836E8CD}
Google SketchUp 8-->MsiExec.exe /X{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}
Google Talk Plugin-->MsiExec.exe /I{A89DEBCA-F743-3412-97F6-B2E489194551}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6000-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
IDX Renditioner-->MsiExec.exe /I{D9432306-513A-4695-977E-FC6AD9C3ED98}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Java DB 10.6.2.1-->MsiExec.exe /X{73EC658D-A1C6-40CA-8E86-E05821BAACE7}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}
Java(TM) SE Development Kit 6 Update 25-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160250}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
JLC's Internet TV-->"C:\Program Files\JLC's Software\Internet TV\Uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
K-Lite Codec Pack 6.3.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG United Mobile Driver-->"C:\Program Files\InstallShield Installation Information\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}\setup.exe" -runfromtemp -l0x041b -removeonly
LG USB WML Modem Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBA0CA60-8BF2-4381-B819-74F020E165A9}\setup.exe" -l0x9 LG -removeonly
LSI HDA Modem-->C:\Windows\agrsmdel
Malwarebytes' Anti-Malware verzia 1.51.1.1800-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCCI(r)Firmware Update Driver for MTK-->MsiExec.exe /I{13E92303-C1AC-4012-9E22-54EACBF54888}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Access MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0016-041B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00BA-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0044-041B-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00A1-041B-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2010-->MsiExec.exe /X{90140000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2010-->MsiExec.exe /X{90140000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2010-->MsiExec.exe /X{90140000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001B-041B-0000-0000000FF1CE}
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit-->MsiExec.exe /X{95140000-007D-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
MiniTool Partition Wizard Home Edition 6.0-->"C:\Program Files\MiniTool Partition Wizard Home Edition 6.0\unins000.exe"
Mozilla Firefox 6.0 (x86 sk)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (6.0.2)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MozyHome-->MsiExec.exe /X{EB020347-354D-A1AF-F265-84B5427C96BA}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe
NAVIGON Fresh 3.3.2-->C:\Program Files\NAVIGON\NAVIGON Fresh\uninst.exe
Need For Speed™ World-->"C:\Program Files\Electronic Arts\Need For Speed World\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{2D99A593-C841-43A7-B7C9-D6F3AE70B756}
Nokia PC Suite-->C:\ProgramData\Installations\{D0D14551-3A2D-433B-861F-F4DCE5422759}\Nokia_PC_Suite_slk_web (1).exe
Nokia PC Suite-->MsiExec.exe /I{D0D14551-3A2D-433B-861F-F4DCE5422759}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
ObjectDock Plus 2-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe REMOVE=TRUE MODIFY=FALSE
OpenOffice.org 3.3 Language Pack (Slovak)-->MsiExec.exe /I{28193F84-CAC2-448D-9C70-304DE5F41679}
OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}
Opera 11.50-->"C:\Program Files\Opera\Opera.exe" /uninstall
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0-->"C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
OverDisk (remove only)-->"C:\Program Files\OverDisk\uninstall.exe"
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
OziExplorer 3.95-->"c:\OziExplorer\unins000.exe"
PC Connectivity Solution-->MsiExec.exe /I{C373F7C4-05D2-4047-96D1-6AF30661C6AA}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
QT Lite 4.1.0-->"C:\Program Files\QT Lite\unins000.exe"
Real Alternative 2.0.2-->"C:\Program Files\Real Alternative\unins000.exe"
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Sandboxie 3.46-->"C:\Windows\Installer\SandboxieInstall32.exe" /remove
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft Excel 2010 (KB2523021)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{AA9E4C48-857D-4558-A4F4-343CA7680277}" "1051" "0"
Security Update for Microsoft InfoPath 2010 (KB2510065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{3C6C6854-EB6B-455C-B0A6-9871F0538028}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2289078)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{1D1A4F08-2F17-475B-BA72-476CE5992FEE}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1051" "0"
Security Update for Microsoft PowerPoint 2010 (KB2519975)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{45D7C5CD-B967-44AF-9DAB-E5C8545558AD}" "1051" "0"
Security Update for Microsoft Publisher 2010 (KB2409055)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{C3C277D5-36E3-4B1A-926A-175B2BC019CF}" "1051" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1051" "0"
SketchyPhysics3.1-->"C:\Program Files\Google\Google Sketchup 8\plugins\SketchyPhysics3\uninst\unins000.exe"
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
Stardock Software-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
SUPER © v2011.build.48 (April 23, 2011) verzia v2011.build.48-->"C:\Program Files\eRightSoft\SUPER\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 6-->C:\Program Files\TeamViewer\Version6\uninstall.exe
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
tools-freebsd-->MsiExec.exe /X{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}
tools-linux-->MsiExec.exe /X{D102611A-6466-4101-A51D-51069303AC65}
tools-windows-->MsiExec.exe /X{FFD9383C-01D5-4897-A954-43AF599AED30}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Video Converter 3.71 100812-->"C:\Program Files\Total Video Converter\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1051" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{556146F7-74AE-4E0A-B64F-5B8B93469F61}" "1051" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{B5516874-E926-4BFD-B412-D0E70112F244}" "1051" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{D6CE7280-6EE3-419A-8F47-DB111C040B1B}" "1051" "0"
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1051" "0"
Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1051" "0"
Update for Microsoft OneNote 2010 (KB2493983)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{309EEC22-83CE-4109-B019-BA9392FAA322}" "1051" "0"
Update for Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A10DC2B7-6FDA-4C17-9DF0-6A834CAC4306}" "1051" "0"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VirusTotal Uploader 2.0-->"C:\Program Files\VirusTotalUploader2\uninstall.exe"
VMware Player-->C:\ProgramData\VMware\VMware Player\Uninstaller\uninstall.exe -x -S "C:\ProgramData\VMware\VMware Player\Uninstaller\"
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
Windows Driver Package - Nokia Modem (02/25/2011 4.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_x86_neutral_73c28da64803cefc\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_x86_neutral_13826104cd8e800f\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}
Windows Live Family Safety-->MsiExec.exe /I{A27DED03-CADE-4847-97D8-B198A8E57F3E}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live Fotogaléria-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{FA6CF94F-DACF-4FE7-959D-55C421B91B17}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}
Windows Live Photo Common-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{02C0A02E-AB30-446C-B4C3-A03310D95F53}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}
Windows Live Writer-->MsiExec.exe /X{11778DA1-0495-4ED9-972F-F9E0B0367CD5}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR 4.01 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
ZSMC USB PC Camera (ZS0211)-->C:\Program Files\InstallShield Installation Information\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}\setup.exe -runfromtemp -l0x001b -removeonly

======Hosts File======

127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de
127.0.0.1 atwola.com
127.0.0.1 adserver.71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 71i.de
127.0.0.1 m-i.extensoft.com

======System event log======

Computer Name: Mato-PC
Event Code: 1411
Message: SBIE1411 Sandbox DefaultBox specifies unknown template BlockPorts
Record Number: 104208
Source Name: SbieDrv
Time Written: 20110310203216.951253-000
Event Type: Warning
User:

Computer Name: Mato-PC
Event Code: 1411
Message: SBIE1411 Sandbox TemplateSettings specifies unknown template NOD32
Record Number: 104207
Source Name: SbieDrv
Time Written: 20110310203216.951253-000
Event Type: Warning
User:

Computer Name: Mato-PC
Event Code: 1411
Message: SBIE1411 Sandbox DefaultBox specifies unknown template NOD32
Record Number: 104206
Source Name: SbieDrv
Time Written: 20110310203216.951253-000
Event Type: Warning
User:

Computer Name: Mato-PC
Event Code: 41
Message: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Record Number: 104176
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20110310203203.535230-000
Event Type: Critical
User: NT AUTHORITY\SYSTEM

Computer Name: Mato-PC
Event Code: 6008
Message: The previous system shutdown at 21:29:19 on ‎10. ‎3. ‎2011 was unexpected.
Record Number: 104172
Source Name: EventLog
Time Written: 20110310203215.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Mato-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 213
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100629144058.658401-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Mato-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 201
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100629135527.701280-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Mato-PC
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 752) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (10). User Action: Contact your application vendor for an updated version of the application.
Record Number: 135
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100629135113.889810-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Mato-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-232530544-1741318313-884996648-1000:
Process 416 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-232530544-1741318313-884996648-1000

Record Number: 108
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100629131124.359385-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Mato-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 89
Source Name: Microsoft-Windows-Search
Time Written: 20100629131009.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Mato-PC
Event Code: 5056
Message: A cryptographic self test was performed.

Subject:
Security ID: S-1-5-18
Account Name: MATO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Module: ncrypt.dll

Return Code: 0x0
Record Number: 16584
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164903.956430-000
Event Type: Audit Success
User:

Computer Name: Mato-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys
Record Number: 16583
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164903.316829-000
Event Type: Audit Failure
User:

Computer Name: Mato-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 16582
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164901.335626-000
Event Type: Audit Success
User:

Computer Name: Mato-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MATO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x1fc
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 16581
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164901.335626-000
Event Type: Audit Success
User:

Computer Name: Mato-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 16580
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164901.273226-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"LANG"=cs_CZ
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QT Lite\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"tvdumpflags"=8

-----------------EOF-----------------

tantal69
Visitor
Posts: 23
Registered: 12 Sep 2011 15:29

Re: Request for a preventive check

#4 Post by tantal69 »

Thanks, likewise.

Here is the log:


info.txt logfile of random's system information tool 1.09 2011-09-08 22:46:33

======Uninstall list======

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe PageMaker 7.0-->C:\Windows\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.dll"
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader X (10.1.0) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Aktualizácia balíka Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-041B-0000-0000000FF1CE}" "{BE9C0C61-3961-4E01-8A95-4AA451983590}" "1051" "0"
Allway Sync version 11.3.11-->"C:\Program Files\Allway Sync\unins000.exe"
Any Video Converter 3.2.7-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
AppInventor Setup-->C:\Program Files\AppInventor\commands-for-Appinventor\uninstall.exe
ArchiBar Toolbar-->C:\PROGRA~1\ArchiBar\UNWISE.EXE /U C:\PROGRA~1\ArchiBar\INSTALL.LOG
ArchiCAD 13 CZE-->C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\uninstaller.exe
ArchiCAD 14 CZE-->C:\Program Files\Graphisoft\ArchiCAD 14\Uninstall.AC\uninstaller.exe
Artlantis Studio 3.0.2-->C:\Program Files\Artlantis Studio 3\uninst.exe
Artlantis Studio 3-->MsiExec.exe /I{5C8F7549-334F-4119-8CAC-03F1815B56C1}
Aspell Slovak Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5-->MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
CamStudio OSS Desktop Recorder-->"C:\Program Files\CamStudio 2.6b\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{06C723B9-ADF5-42BC-B949-D14D6C6628B9}" "1051" "0"
DiffMerge 1.0.6-->"C:\Program Files\Potato\DiffMerge\unins000.exe"
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EVEREST Ultimate Edition v5.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FileZilla Client 3.5.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
floAt's Mobile Agent 2-->"C:\Program Files\FMA 2\unins000.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
GIMP 2.4.7-->"D:\GIMP-2.0\setup\unins000.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
Google Earth Connections AC13 INT-->C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.GE\uninstaller.exe
Google Earth-->MsiExec.exe /X{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
Google SketchUp 7-->MsiExec.exe /I{BEF106F8-2689-4530-925A-E1117836E8CD}
Google SketchUp 8-->MsiExec.exe /X{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}
Google Talk Plugin-->MsiExec.exe /I{A89DEBCA-F743-3412-97F6-B2E489194551}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6000-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
IDX Renditioner-->MsiExec.exe /I{D9432306-513A-4695-977E-FC6AD9C3ED98}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Java DB 10.6.2.1-->MsiExec.exe /X{73EC658D-A1C6-40CA-8E86-E05821BAACE7}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}
Java(TM) SE Development Kit 6 Update 25-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160250}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
JLC's Internet TV-->"C:\Program Files\JLC's Software\Internet TV\Uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
K-Lite Codec Pack 6.3.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG United Mobile Driver-->"C:\Program Files\InstallShield Installation Information\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}\setup.exe" -runfromtemp -l0x041b -removeonly
LG USB WML Modem Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBA0CA60-8BF2-4381-B819-74F020E165A9}\setup.exe" -l0x9 LG -removeonly
LSI HDA Modem-->C:\Windows\agrsmdel
Malwarebytes' Anti-Malware verzia 1.51.1.1800-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCCI(r)Firmware Update Driver for MTK-->MsiExec.exe /I{13E92303-C1AC-4012-9E22-54EACBF54888}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Access MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0016-041B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00BA-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0044-041B-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00A1-041B-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2010-->MsiExec.exe /X{90140000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2010-->MsiExec.exe /X{90140000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2010-->MsiExec.exe /X{90140000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001B-041B-0000-0000000FF1CE}
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit-->MsiExec.exe /X{95140000-007D-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
MiniTool Partition Wizard Home Edition 6.0-->"C:\Program Files\MiniTool Partition Wizard Home Edition 6.0\unins000.exe"
Mozilla Firefox 6.0 (x86 sk)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (6.0.2)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MozyHome-->MsiExec.exe /X{EB020347-354D-A1AF-F265-84B5427C96BA}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe
NAVIGON Fresh 3.3.2-->C:\Program Files\NAVIGON\NAVIGON Fresh\uninst.exe
Need For Speed™ World-->"C:\Program Files\Electronic Arts\Need For Speed World\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{2D99A593-C841-43A7-B7C9-D6F3AE70B756}
Nokia PC Suite-->C:\ProgramData\Installations\{D0D14551-3A2D-433B-861F-F4DCE5422759}\Nokia_PC_Suite_slk_web (1).exe
Nokia PC Suite-->MsiExec.exe /I{D0D14551-3A2D-433B-861F-F4DCE5422759}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
ObjectDock Plus 2-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe REMOVE=TRUE MODIFY=FALSE
OpenOffice.org 3.3 Language Pack (Slovak)-->MsiExec.exe /I{28193F84-CAC2-448D-9C70-304DE5F41679}
OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}
Opera 11.50-->"C:\Program Files\Opera\Opera.exe" /uninstall
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0-->"C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
OverDisk (remove only)-->"C:\Program Files\OverDisk\uninstall.exe"
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
OziExplorer 3.95-->"c:\OziExplorer\unins000.exe"
PC Connectivity Solution-->MsiExec.exe /I{C373F7C4-05D2-4047-96D1-6AF30661C6AA}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
QT Lite 4.1.0-->"C:\Program Files\QT Lite\unins000.exe"
Real Alternative 2.0.2-->"C:\Program Files\Real Alternative\unins000.exe"
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Sandboxie 3.46-->"C:\Windows\Installer\SandboxieInstall32.exe" /remove
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft Excel 2010 (KB2523021)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{AA9E4C48-857D-4558-A4F4-343CA7680277}" "1051" "0"
Security Update for Microsoft InfoPath 2010 (KB2510065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{3C6C6854-EB6B-455C-B0A6-9871F0538028}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2289078)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{1D1A4F08-2F17-475B-BA72-476CE5992FEE}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1051" "0"
Security Update for Microsoft PowerPoint 2010 (KB2519975)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{45D7C5CD-B967-44AF-9DAB-E5C8545558AD}" "1051" "0"
Security Update for Microsoft Publisher 2010 (KB2409055)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{C3C277D5-36E3-4B1A-926A-175B2BC019CF}" "1051" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1051" "0"
SketchyPhysics3.1-->"C:\Program Files\Google\Google Sketchup 8\plugins\SketchyPhysics3\uninst\unins000.exe"
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
Stardock Software-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
SUPER © v2011.build.48 (April 23, 2011) verzia v2011.build.48-->"C:\Program Files\eRightSoft\SUPER\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 6-->C:\Program Files\TeamViewer\Version6\uninstall.exe
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
tools-freebsd-->MsiExec.exe /X{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}
tools-linux-->MsiExec.exe /X{D102611A-6466-4101-A51D-51069303AC65}
tools-windows-->MsiExec.exe /X{FFD9383C-01D5-4897-A954-43AF599AED30}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Video Converter 3.71 100812-->"C:\Program Files\Total Video Converter\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1051" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{556146F7-74AE-4E0A-B64F-5B8B93469F61}" "1051" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{B5516874-E926-4BFD-B412-D0E70112F244}" "1051" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{D6CE7280-6EE3-419A-8F47-DB111C040B1B}" "1051" "0"
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1051" "0"
Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1051" "0"
Update for Microsoft OneNote 2010 (KB2493983)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{309EEC22-83CE-4109-B019-BA9392FAA322}" "1051" "0"
Update for Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A10DC2B7-6FDA-4C17-9DF0-6A834CAC4306}" "1051" "0"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VirusTotal Uploader 2.0-->"C:\Program Files\VirusTotalUploader2\uninstall.exe"
VMware Player-->C:\ProgramData\VMware\VMware Player\Uninstaller\uninstall.exe -x -S "C:\ProgramData\VMware\VMware Player\Uninstaller\"
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
Windows Driver Package - Nokia Modem (02/25/2011 4.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_x86_neutral_73c28da64803cefc\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_x86_neutral_13826104cd8e800f\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}
Windows Live Family Safety-->MsiExec.exe /I{A27DED03-CADE-4847-97D8-B198A8E57F3E}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live Fotogaléria-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{FA6CF94F-DACF-4FE7-959D-55C421B91B17}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}
Windows Live Photo Common-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{02C0A02E-AB30-446C-B4C3-A03310D95F53}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}
Windows Live Writer-->MsiExec.exe /X{11778DA1-0495-4ED9-972F-F9E0B0367CD5}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR 4.01 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
ZSMC USB PC Camera (ZS0211)-->C:\Program Files\InstallShield Installation Information\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}\setup.exe -runfromtemp -l0x001b -removeonly

======Hosts File======

127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de
127.0.0.1 atwola.com
127.0.0.1 adserver.71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 71i.de
127.0.0.1 m-i.extensoft.com

======System event log======

Computer Name: Mato-PC
Event Code: 1411
Message: SBIE1411 Sandbox DefaultBox specifies unknown template BlockPorts
Record Number: 104208
Source Name: SbieDrv
Time Written: 20110310203216.951253-000
Event Type: Warning
User:

Computer Name: Mato-PC
Event Code: 1411
Message: SBIE1411 Sandbox TemplateSettings specifies unknown template NOD32
Record Number: 104207
Source Name: SbieDrv
Time Written: 20110310203216.951253-000
Event Type: Warning
User:

Computer Name: Mato-PC
Event Code: 1411
Message: SBIE1411 Sandbox DefaultBox specifies unknown template NOD32
Record Number: 104206
Source Name: SbieDrv
Time Written: 20110310203216.951253-000
Event Type: Warning
User:

Computer Name: Mato-PC
Event Code: 41
Message: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Record Number: 104176
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20110310203203.535230-000
Event Type: Critical
User: NT AUTHORITY\SYSTEM

Computer Name: Mato-PC
Event Code: 6008
Message: The previous system shutdown at 21:29:19 on ‎10. ‎3. ‎2011 was unexpected.
Record Number: 104172
Source Name: EventLog
Time Written: 20110310203215.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Mato-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 213
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100629144058.658401-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Mato-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 201
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100629135527.701280-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Mato-PC
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 752) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (10). User Action: Contact your application vendor for an updated version of the application.
Record Number: 135
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100629135113.889810-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Mato-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-232530544-1741318313-884996648-1000:
Process 416 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-232530544-1741318313-884996648-1000

Record Number: 108
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100629131124.359385-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Mato-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 89
Source Name: Microsoft-Windows-Search
Time Written: 20100629131009.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Mato-PC
Event Code: 5056
Message: A cryptographic self test was performed.

Subject:
Security ID: S-1-5-18
Account Name: MATO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Module: ncrypt.dll

Return Code: 0x0
Record Number: 16584
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164903.956430-000
Event Type: Audit Success
User:

Computer Name: Mato-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys
Record Number: 16583
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164903.316829-000
Event Type: Audit Failure
User:

Computer Name: Mato-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 16582
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164901.335626-000
Event Type: Audit Success
User:

Computer Name: Mato-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MATO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x1fc
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 16581
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164901.335626-000
Event Type: Audit Success
User:

Computer Name: Mato-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 16580
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116164901.273226-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"LANG"=cs_CZ
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QT Lite\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"tvdumpflags"=8

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#5 Post by vyosek »

Are there any problems with the PC? :???: I don't see any malware there, only a few minor things and unnecessary items.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him; that is no man, that is an ox."

tantal69
Visitor
Posts: 23
Registered: 12 Sep 2011 15:29

Re: Requesting a preventive check

#6 Post by tantal69 »

The PC is fine; I only asked for a preventive check so that I could be sure. :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#7 Post by vyosek »

:arrow: Still, I will allow myself a small "intervention", since something there does not look right to me :?:

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Spravce) account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator ("Spustit jako spravce")
  • Immediately after startup a page with the license agreement is displayed; continue by clicking Yes ("Ano")
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • The detailed procedure, incl. pictures, is here http://www.bleepingcomputer.com/combofi ... t-combofix

tantal69
Visitor
Posts: 23
Registered: 12 Sep 2011 15:29

Re: Requesting a preventive check

#8 Post by tantal69 »

ComboFix 11-09-13.02 - Mato . 09. 2011 18:48:40.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2039.627 [GMT 2:00]
Running from: c:\users\Mato\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))
.
.
2011-09-13 17:01 . 2011-09-13 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-13 16:28 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{872DC009-1C05-4D3D-88D6-33217A2CD734}\mpengine.dll
2011-09-11 18:28 . 2011-09-11 20:29 512 ----a-w- C:\PhysicalMBR.bin
2011-09-08 20:45 . 2011-09-12 17:21 -------- d-----w- c:\program files\trend micro
2011-09-08 20:45 . 2011-09-08 20:46 -------- d-----w- C:\rsit
2011-09-07 19:27 . 2011-09-07 19:27 -------- d-----w- c:\programdata\Apple Computer
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-09-07 19:27 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-09-07 19:27 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-07 19:27 . 2010-11-29 17:38 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-09-07 19:26 . 2011-09-07 19:27 -------- d-----w- c:\program files\QT Lite
2011-09-05 17:52 . 2011-09-05 17:52 -------- d-----w- c:\users\Mato\AppData\Roaming\Sync App Settings
2011-09-05 17:49 . 2011-09-05 17:49 -------- d-----w- c:\programdata\Sync App Settings
2011-09-05 17:49 . 2011-09-13 16:31 -------- d-----w- c:\program files\Allway Sync
2011-09-05 17:07 . 2011-09-05 17:11 -------- d-----w- c:\users\Mato\AppData\Roaming\AutomaticUSBBackup
2011-08-29 18:11 . 2011-08-29 18:12 -------- d-----w- c:\users\Mato\AppData\Roaming\Android
2011-08-29 16:26 . 2011-08-29 16:39 -------- d-----w- C:\Sign+_v1.2.2
2011-08-29 16:02 . 2011-08-29 17:35 -------- d-----w- C:\apkPack
2011-08-29 16:02 . 2011-08-29 17:32 -------- d-----w- C:\apkEdit
2011-08-28 18:03 . 2011-08-28 18:03 -------- d-----w- c:\program files\Totato
2011-08-28 16:43 . 2011-08-29 17:44 -------- d-----w- C:\xdaAutoTool
2011-08-28 16:07 . 2011-08-28 16:07 43 ----a-w- c:\windows\system32\msdm32.vxd
2011-08-28 16:07 . 2011-08-28 16:07 -------- d-----w- c:\program files\Potato
2011-08-28 15:32 . 2000-05-23 05:58 140488 ----a-w- c:\windows\system32\comdlg32.ocx
2011-08-28 15:32 . 1998-06-24 13:00 209192 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-08-28 12:55 . 2011-08-28 13:19 -------- d-----w- c:\program files\CamStudio 2.6b
2011-08-28 12:55 . 2010-10-23 22:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2011-08-24 19:27 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-17 16:25 . 2011-08-18 18:44 -------- d-----r- c:\users\Mato\Dropbox
2011-08-17 16:22 . 2011-08-18 18:46 -------- d-----w- c:\users\Mato\AppData\Roaming\Dropbox
2011-08-16 19:33 . 2011-08-16 19:33 -------- d-----w- c:\program files\Common Files\PCSuite
2011-08-16 19:33 . 2011-08-16 19:33 -------- d-----w- c:\program files\Common Files\Nokia
2011-08-16 19:33 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-08-16 19:32 . 2011-08-16 19:32 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-16 19:31 . 2011-08-16 19:33 -------- d-----w- c:\program files\Nokia
2011-08-16 18:45 . 2005-10-07 10:48 83344 ----a-w- c:\windows\system32\drivers\k510obex.sys
2011-08-16 18:45 . 2005-10-07 10:45 5808 ----a-w- c:\windows\system32\drivers\k510whnt.sys
2011-08-16 18:45 . 2005-10-07 10:45 5808 ----a-w- c:\windows\system32\drivers\k510wh.sys
2011-08-16 18:45 . 2005-10-07 10:48 6176 ----a-w- c:\windows\system32\drivers\k510cmnt.sys
2011-08-16 18:45 . 2005-10-07 10:48 6176 ----a-w- c:\windows\system32\drivers\k510cm.sys
2011-08-16 18:45 . 2005-10-07 10:47 85408 ----a-w- c:\windows\system32\drivers\k510mgmt.sys
2011-08-16 18:45 . 2005-10-07 10:46 94064 ----a-w- c:\windows\system32\drivers\k510mdm.sys
2011-08-16 18:45 . 2005-10-07 10:46 8336 ----a-w- c:\windows\system32\drivers\k510mdfl.sys
2011-08-16 18:45 . 2005-10-07 10:45 58288 ----a-w- c:\windows\system32\drivers\k510bus.sys
2011-08-16 18:28 . 2011-08-12 06:34 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-14 18:21 . 2011-08-14 18:21 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 6.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 15:53 . 2011-05-21 07:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-31 17:27 . 2010-07-19 15:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-31 17:27 . 2010-07-19 15:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-31 07:35 . 2011-07-31 07:35 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-07-22 02:54 . 2011-08-10 21:05 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 21:05 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 21:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-10 16:46 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:46 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-11 19:21 . 2011-07-27 18:24 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-09 02:30 . 2011-08-10 16:46 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 17:52 . 2011-01-02 12:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-01-02 12:32 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 04:27 . 2011-08-10 16:46 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22 . 2011-08-10 16:46 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33 . 2011-08-10 16:47 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-23 04:33 . 2011-08-10 16:47 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-21 05:34 . 2011-08-10 16:47 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-12 06:34 . 2011-08-16 18:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{24cc1362-11c6-4918-a2c0-b9ee5a563185}"= "c:\program files\ArchiBar\tbArch.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\ArchiBar\tbArch.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{24cc1362-11c6-4918-a2c0-b9ee5a563185}"= "c:\program files\ArchiBar\tbArch.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{24CC1362-11C6-4918-A2C0-B9EE5A563185}"= "c:\program files\ArchiBar\tbArch.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-08-04 13:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-08-04 13:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2011-09-12 94112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-06-03 2734184]
.
c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TB-Tray.lnk - c:\program files\Thunderbird-Tray\TBTray.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 727592]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 3674904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 10:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-07-04 09:49 398568 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 25728]
R3 CMDUBTHCJT;CMDUBTHCJT;c:\users\Mato\AppData\Local\Temp\CMDUBTHCJT.exe [x]
R3 DRFIVHZM;DRFIVHZM;c:\users\Mato\AppData\Local\Temp\DRFIVHZM.exe [x]
R3 EBZZWRCDX;EBZZWRCDX;c:\users\Mato\AppData\Local\Temp\EBZZWRCDX.exe [x]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [2011-06-03 183904]
R3 EXJGN;EXJGN;c:\users\Mato\AppData\Local\Temp\EXJGN.exe [x]
R3 EZVMN;EZVMN;c:\users\Mato\AppData\Local\Temp\EZVMN.exe [x]
R3 FFIG;FFIG;c:\users\Mato\AppData\Local\Temp\FFIG.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R3 IRBXDQSBZOT;IRBXDQSBZOT;c:\users\Mato\AppData\Local\Temp\IRBXDQSBZOT.exe [x]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2005-10-07 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2005-10-07 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2005-10-07 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2005-10-07 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2005-10-07 83344]
R3 KFKEWR;KFKEWR;c:\users\Mato\AppData\Local\Temp\KFKEWR.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-05-06 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-05-06 11104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2006-11-20 61536]
R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2006-11-20 9360]
R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2006-11-20 97088]
R3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2006-11-20 88624]
R3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2006-11-20 18704]
R3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2006-11-20 86432]
R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2006-11-20 90800]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [2007-12-10 480128]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1343400]
R3 WNGVJMGHMENI;WNGVJMGHMENI;c:\users\Mato\AppData\Local\Temp\WNGVJMGHMENI.exe [x]
R3 XOPZRVBQ;XOPZRVBQ;c:\users\Mato\AppData\Local\Temp\XOPZRVBQ.exe [x]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys [2007-12-05 1537024]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-06-03 50624]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-25 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-17 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-06-03 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-06-03 33656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-06-03 162912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-06-03 974944]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-25 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 18:21]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 18:21]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000Core.job
- c:\users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 18:35]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000UA.job
- c:\users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 18:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\4i4908cv.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.sk/search?hl=sk&lr=lang_cs|l ... ang_1sk&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
AddRemove-Adobe PageMaker 7.0 - c:\program files\Adobe\PageMaker 7.0 Tryout\Uninst.isu
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop Hummer H3 Mod]
"Install Dir"="c:\\PROGRA~1\\EAGAME~1\\NEEDFO~2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted KITT Mod]
"Install Dir"="c:\\PROGRA~1\\EAGAME~1\\NEEDFO~2"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3804)
c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\windows\system32\btmmhook.dll
c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
c:\program files\WIDCOMM\Bluetooth Software\btkeyind.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btrez.dll
c:\program files\Google\Google SketchUp 7\xerces-c_2_6.dll
.
Completion time: 2011-09-13 19:07:05
ComboFix-quarantined-files.txt 2011-09-13 17:07
.
Pre-Run: 54 669 369 344 bytes free
Post-Run: 54 440 878 080 bytes free
.
- - End Of File - - 7A281BD7B7546FF5F0B5C9A37D34E8CC

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a preventive check

#9 Post by vyosek »

:arrow: I had a feeling they were there :arcisit:

:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "Adobe ARM"=-
    "DivXUpdate"=-
    [-HKLM\~\startupfolder\C:^Users^Mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    
    Driver::
    gupdate
    CMDUBTHCJT
    DRFIVHZM
    EBZZWRCDX
    EXJGN
    EZVMN
    FFIG
    gupdatem
    IRBXDQSBZOT
    KFKEWR
    WNGVJMGHMENI
    XOPZRVBQ
    
    Collect::
    c:\users\Mato\AppData\Local\Temp\CMDUBTHCJT.exe
    c:\users\Mato\AppData\Local\Temp\DRFIVHZM.exe
    c:\users\Mato\AppData\Local\Temp\EBZZWRCDX.exe
    c:\users\Mato\AppData\Local\Temp\EXJGN.exe
    c:\users\Mato\AppData\Local\Temp\EZVMN.exe
    c:\users\Mato\AppData\Local\Temp\FFIG.exe
    c:\users\Mato\AppData\Local\Temp\IRBXDQSBZOT.exe
    c:\users\Mato\AppData\Local\Temp\KFKEWR.exe
    c:\users\Mato\AppData\Local\Temp\WNGVJMGHMENI.exe
    c:\users\Mato\AppData\Local\Temp\XOPZRVBQ.exe
    
    Folder::
    c:\users\Mato\AppData\Local\Temp
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000UA.job
    
    Firefox::
    FF - ProfilePath - c:\users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\4i4908cv.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
    FF - prefs.js: keyword.URL - hxxp://www.google.sk/search?hl=sk&lr=la ... ang_1sk&q=
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop Hummer H3 Mod]
    [HKEY_LOCAL_MACHINE\SOFTWARE\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted KITT Mod]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and run it (see the image below)
    Image
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member Image since 1 February 2011.

tantal69
Visitor
Posts: 23
Joined: 12 Sep 2011 15:29

Re: Request for a preventive check

#10 Post by tantal69 »

What kind of threat was it?


ComboFix 11-09-13.03 - Mato . 09. 2011 20:05:01.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2039.386 [GMT 2:00]
Running from: c:\users\Mato\Desktop\ComboFix.exe
Command switches used :: c:\users\Mato\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mato\AppData\Local\Temp
c:\users\Mato\AppData\Local\Temp\catchme.dll
c:\users\Mato\AppData\Local\Temp\FXSAPIDebugLogFile.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CMDUBTHCJT
-------\Service_DRFIVHZM
-------\Service_EBZZWRCDX
-------\Service_EXJGN
-------\Service_EZVMN
-------\Service_FFIG
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_IRBXDQSBZOT
-------\Service_KFKEWR
-------\Service_WNGVJMGHMENI
-------\Service_XOPZRVBQ
.
.
((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))
.
.
2011-09-13 18:21 . 2011-09-13 18:25 -------- d-----w- c:\users\Mato\AppData\Local\Temp
2011-09-11 18:28 . 2011-09-11 20:29 512 ----a-w- C:\PhysicalMBR.bin
2011-09-08 20:45 . 2011-09-12 17:21 -------- d-----w- c:\program files\trend micro
2011-09-08 20:45 . 2011-09-08 20:46 -------- d-----w- C:\rsit
2011-09-07 19:27 . 2011-09-07 19:27 -------- d-----w- c:\programdata\Apple Computer
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-09-07 19:27 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-09-07 19:27 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-09-07 19:27 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-07 19:27 . 2010-11-29 17:38 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-09-07 19:26 . 2011-09-07 19:27 -------- d-----w- c:\program files\QT Lite
2011-09-05 17:52 . 2011-09-05 17:52 -------- d-----w- c:\users\Mato\AppData\Roaming\Sync App Settings
2011-09-05 17:49 . 2011-09-05 17:49 -------- d-----w- c:\programdata\Sync App Settings
2011-09-05 17:49 . 2011-09-13 16:31 -------- d-----w- c:\program files\Allway Sync
2011-09-05 17:07 . 2011-09-05 17:11 -------- d-----w- c:\users\Mato\AppData\Roaming\AutomaticUSBBackup
2011-08-29 18:11 . 2011-08-29 18:12 -------- d-----w- c:\users\Mato\AppData\Roaming\Android
2011-08-29 16:26 . 2011-08-29 16:39 -------- d-----w- C:\Sign+_v1.2.2
2011-08-29 16:02 . 2011-08-29 17:35 -------- d-----w- C:\apkPack
2011-08-29 16:02 . 2011-08-29 17:32 -------- d-----w- C:\apkEdit
2011-08-28 18:03 . 2011-08-28 18:03 -------- d-----w- c:\program files\Totato
2011-08-28 16:43 . 2011-08-29 17:44 -------- d-----w- C:\xdaAutoTool
2011-08-28 16:07 . 2011-08-28 16:07 43 ----a-w- c:\windows\system32\msdm32.vxd
2011-08-28 16:07 . 2011-08-28 16:07 -------- d-----w- c:\program files\Potato
2011-08-28 15:32 . 2000-05-23 05:58 140488 ----a-w- c:\windows\system32\comdlg32.ocx
2011-08-28 15:32 . 1998-06-24 13:00 209192 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-08-28 12:55 . 2011-08-28 13:19 -------- d-----w- c:\program files\CamStudio 2.6b
2011-08-28 12:55 . 2010-10-23 22:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2011-08-24 19:27 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-17 16:25 . 2011-08-18 18:44 -------- d-----r- c:\users\Mato\Dropbox
2011-08-17 16:22 . 2011-08-18 18:46 -------- d-----w- c:\users\Mato\AppData\Roaming\Dropbox
2011-08-16 19:33 . 2011-08-16 19:33 -------- d-----w- c:\program files\Common Files\PCSuite
2011-08-16 19:33 . 2011-08-16 19:33 -------- d-----w- c:\program files\Common Files\Nokia
2011-08-16 19:33 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-08-16 19:32 . 2011-08-16 19:32 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-16 19:31 . 2011-08-16 19:33 -------- d-----w- c:\program files\Nokia
2011-08-16 18:45 . 2005-10-07 10:48 83344 ----a-w- c:\windows\system32\drivers\k510obex.sys
2011-08-16 18:45 . 2005-10-07 10:45 5808 ----a-w- c:\windows\system32\drivers\k510whnt.sys
2011-08-16 18:45 . 2005-10-07 10:45 5808 ----a-w- c:\windows\system32\drivers\k510wh.sys
2011-08-16 18:45 . 2005-10-07 10:48 6176 ----a-w- c:\windows\system32\drivers\k510cmnt.sys
2011-08-16 18:45 . 2005-10-07 10:48 6176 ----a-w- c:\windows\system32\drivers\k510cm.sys
2011-08-16 18:45 . 2005-10-07 10:47 85408 ----a-w- c:\windows\system32\drivers\k510mgmt.sys
2011-08-16 18:45 . 2005-10-07 10:46 94064 ----a-w- c:\windows\system32\drivers\k510mdm.sys
2011-08-16 18:45 . 2005-10-07 10:46 8336 ----a-w- c:\windows\system32\drivers\k510mdfl.sys
2011-08-16 18:45 . 2005-10-07 10:45 58288 ----a-w- c:\windows\system32\drivers\k510bus.sys
2011-08-16 18:28 . 2011-08-12 06:34 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 15:53 . 2011-05-21 07:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2011-09-13 16:28 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{872DC009-1C05-4D3D-88D6-33217A2CD734}\mpengine.dll
2011-07-31 17:27 . 2010-07-19 15:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-31 17:27 . 2010-07-19 15:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-31 07:35 . 2011-07-31 07:35 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-07-22 02:54 . 2011-08-10 21:05 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 21:05 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 21:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-10 16:46 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:46 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-11 19:21 . 2011-07-27 18:24 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-09 02:30 . 2011-08-10 16:46 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 17:52 . 2011-01-02 12:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-01-02 12:32 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 04:27 . 2011-08-10 16:46 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22 . 2011-08-10 16:46 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33 . 2011-08-10 16:47 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-23 04:33 . 2011-08-10 16:47 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-21 05:34 . 2011-08-10 16:47 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-12 06:34 . 2011-08-16 18:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{24cc1362-11c6-4918-a2c0-b9ee5a563185}"= "c:\program files\ArchiBar\tbArch.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\ArchiBar\tbArch.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{24cc1362-11c6-4918-a2c0-b9ee5a563185}"= "c:\program files\ArchiBar\tbArch.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{24CC1362-11C6-4918-A2C0-B9EE5A563185}"= "c:\program files\ArchiBar\tbArch.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-08-04 13:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-08-04 13:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2011-09-12 94112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-06-03 2734184]
.
c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TB-Tray.lnk - c:\program files\Thunderbird-Tray\TBTray.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 727592]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 3674904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-07-04 09:49 398568 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 25728]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [2011-06-03 183904]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2005-10-07 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2005-10-07 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2005-10-07 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2005-10-07 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2005-10-07 83344]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-05-06 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-05-06 11104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2006-11-20 61536]
R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2006-11-20 9360]
R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2006-11-20 97088]
R3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2006-11-20 88624]
R3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2006-11-20 18704]
R3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2006-11-20 86432]
R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2006-11-20 90800]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [2007-12-10 480128]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1343400]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys [2007-12-05 1537024]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-06-03 50624]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-25 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-17 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-06-03 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-06-03 33656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-06-03 162912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-06-03 974944]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-25 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 18:21]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 18:21]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000Core.job
- c:\users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 18:35]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232530544-1741318313-884996648-1000UA.job
- c:\users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 18:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\4i4908cv.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop Hummer H3 Mod]
"Install Dir"="c:\\PROGRA~1\\EAGAME~1\\NEEDFO~2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted KITT Mod]
"Install Dir"="c:\\PROGRA~1\\EAGAME~1\\NEEDFO~2"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4588)
c:\program files\RocketDock\RocketDock.dll
c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\windows\system32\btmmhook.dll
c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\taskhost.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Mozilla Thunderbird\thunderbird.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\system32\DllHost.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2011-09-13 20:32:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-13 18:32
ComboFix2.txt 2011-09-13 17:07
.
Pre-Run: 54 146 244 608 bytes free
Post-Run: 54 012 710 912 bytes free
.
- - End Of File - - 2DE54ED5A25BF9712423A62CBEE44F6C

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#11 Post by vyosek »

→ A few harmful services and some junk being loaded from temp files

→ Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
→ T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
→ OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

→ TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
→ Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze (Analyzovat) and then Run CCleaner (Spustit CCleaner)
Registry panel
  • click Scan for Issues (Hledej problémy)
  • then Fix Issues (Opravit problémy) - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are left - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

→ Let me know how the PC is doing
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is no man, that is an ox."
Member since 1 February 2011.

tantal69
Visitor
Posts: 23
Registered: 12 Sep 2011 15:29

Re: Requesting a preventive check

#12 Post by tantal69 »

The PC is behaving normally; after the restart a Windows update started.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#13 Post by vyosek »

→ Then install all available updates

→ I recommend updating your programs - the small program FileHippo UpdateChecker will conveniently keep track of updates for you - running it about once every 14 days is enough

tantal69
Visitor
Posts: 23
Registered: 12 Sep 2011 15:29

Re: Requesting a preventive check

#14 Post by tantal69 »

Many thanks for the help, I wish you a pleasant rest of the evening.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#15 Post by vyosek »

You're welcome, glad I could help. See you again sometime.

And to see you off, our band will play for you.