VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Trojsky kuň Dropper.Generic5

https://forum.viry.cz:443/viewtopic.php?t=119057

Stránka 1 z 2

Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 10:17
od dominikvyt
Čaute nevite co stim trapy mně Trojsky kuň Dropper.Generic5
Ale nevim co strim boje ve Explorer.exe což je pruzkumnik windows
pokud vite co stim pište


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:54, on 24.1.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\vsnp325.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\PROGRA~1\Uniblue\DRIVER~1\driverscanner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102866&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF09A195-838F-4686-94D1-33C067E4BFC7}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

--

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 10:27
od vyosek
Zdravim a pekne dopoledne preji :)

:arrow: Trvate na antiviru avg? u nas neni moc obliben - vysoka zatez systemu, slaba detekce. Dle toho pak dam dalsi postup

:arrow: Odinstalujte Advanced SystemCare 3 a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

:arrow: Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 10:35
od dominikvyt
A co byste my asi doporučil za antivirus a neznate nahodou nějaky drivers updater??:)) moc děkuji Dominikvyt

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 10:41
od vyosek
:arrow: Nejdrive vylecime PC od haveti - je ji tam pozehnane - a pak se vrhnem teprve na aktualizace a uklid

:arrow: Odinstalujte avg a pak pouzijte jeste tento remover http://download.avg.com/filedir/util/su ... 1_1184.exe

:arrow: Odinstalujte veci od IOBit, MyWebSearch a toolbary jak jsem psal vyse

:arrow: Nainstalujte Avast Free http://www.avast.com/cs-cz/free-antivirus-download

:arrow: Dejte log z RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 - je podrobnejsi nez HJT

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 11:16
od dominikvyt
Logfile of random's system information tool 1.09 (written by random/random)
Run by Maminka at 2012-01-24 11:03:14
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 85 GB (54%) free of 157 GB
Total RAM: 2047 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:52, on 24.1.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\vsnp325.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\Opera\opera.exe
C:\Users\Maminka\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Maminka.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102866&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF09A195-838F-4686-94D1-33C067E4BFC7}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

--
End of file - 9517 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\AutoKMSDaily.job
C:\Windows\tasks\AWC AutoSweep.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\DriverScanner.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Maminka\AppData\Roaming\Mozilla\Firefox\Profiles\ealo8oxb.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/?utm_source=ch-br ... _medium=ff"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =642886&p="

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@toolbar"=C:\ProgramData\AVG Secure Search\9.0.0.23\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
FlashGet3.xpi

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll

C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\Maminka\AppData\Roaming\Mozilla\Firefox\Profiles\ealo8oxb.default\extensions\
centrumpomocnik@centrum.cz
yasearch@yandex.ru
{800b5000-a755-47e1-992b-48a1c1357f07}
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Users\Maminka\AppData\Roaming\Mozilla\Firefox\Profiles\ealo8oxb.default\searchplugins\
askcom.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin.xml
sweetim.xml
ybqs-firmy.xml
ybqs-mapy.xml
ybqs-seznam.xml
ybqs-zbozi.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll [2012-01-24 1574240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-13 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll [2012-01-24 1574240]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll []
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe []
"snp325"=C:\Windows\vsnp325.exe [2006-10-10 827392]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MyWebSearch bar Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe /m []
"DriverScanner"=C:\Program Files\Uniblue\DriverScanner\launcher.exe [2011-10-20 338296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\CCleaner.exe [2011-10-21 2663232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Maminka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 137536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\Windows\FixCamera.exe [2007-02-12 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixMyRegistry]
C:\Program Files\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe [2011-06-16 3830424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe [2002-03-28 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
~C:\Program Files\ICQ7.6\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2011-05-13 4283256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w /h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-12-13 922976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe /m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
C:\Windows\vsnp325.exe [2006-10-10 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\Windows\vsnpstd3.exe [2005-09-05 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
C:\Windows\tsnp325.exe [2006-10-10 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
C:\Program Files\WebcamMax\WebcamMax.exe -a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Maminka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UnderWorld - Patcher.lnk]
[]

C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"VIDC.WMV3"=wmv9vcm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsvid.dll
"msacm.siren"=sirenacm.dll
"VIDC.FMVC"=fmcodec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-24 11:03:14 ----D---- C:\rsit
2012-01-24 11:01:04 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-01-24 11:01:03 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-01-24 11:00:56 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-01-24 11:00:56 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2012-01-24 11:00:54 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-01-24 11:00:54 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-01-24 11:00:33 ----A---- C:\Windows\system32\aswBoot.exe
2012-01-24 11:00:33 ----A---- C:\Windows\avastSS.scr
2012-01-24 11:00:16 ----D---- C:\ProgramData\AVAST Software
2012-01-24 11:00:15 ----D---- C:\Program Files\AVAST Software
2012-01-24 10:55:05 ----A---- C:\Program Files\Uninstall Fun Web Products.dll
2012-01-24 10:48:49 ----D---- C:\Program Files\AVG Secure Search
2012-01-24 10:11:07 ----D---- C:\Program Files\Trend Micro
2012-01-22 15:45:31 ----D---- C:\Program Files\ImgBurn
2012-01-21 18:41:09 ----AH---- C:\Windows\system32\hamachi.sys
2012-01-19 11:12:42 ----A---- C:\Windows\UC.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\RAR.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\PKZIP.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\PKUNZIP.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\NOCLOSE.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\LHA.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\ARJ.PIF
2012-01-19 11:12:41 ----D---- C:\Users\Maminka\AppData\Roaming\GHISLER
2012-01-19 11:12:41 ----D---- C:\totalcmd
2012-01-11 22:09:02 ----D---- C:\5b36737c0a8874ffc6cce315
2012-01-11 18:44:29 ----D---- C:\Users\Maminka\AppData\Roaming\ATI
2012-01-11 18:44:29 ----D---- C:\ProgramData\ATI
2012-01-11 10:33:33 ----A---- C:\Windows\system32\ntdll.dll
2012-01-11 10:33:32 ----A---- C:\Windows\system32\packager.dll
2012-01-11 10:33:29 ----A---- C:\Windows\system32\quartz.dll
2012-01-11 10:33:29 ----A---- C:\Windows\system32\qdvd.dll
2012-01-10 18:38:26 ----D---- C:\ProgramData\VS
2012-01-08 18:43:38 ----HDC---- C:\ProgramData\{09CD02A5-5ACC-4B34-8513-DD8BE7C2BD49}
2012-01-08 18:41:09 ----D---- C:\Program Files\SmartTweak Software
2011-12-27 19:29:49 ----D---- C:\Users\Maminka\AppData\Roaming\Yandex
2011-12-27 19:28:28 ----A---- C:\Windows\system32\drivers\sptd.sys
2011-12-27 19:27:42 ----D---- C:\Program Files\DAEMON Tools Lite
2011-12-27 19:20:02 ----D---- C:\Program Files\Common Files\InstallShield

======List of files/folders modified in the last 1 month======

2012-01-24 11:01:33 ----D---- C:\Windows\Temp
2012-01-24 11:01:04 ----D---- C:\Windows\system32\drivers
2012-01-24 11:00:51 ----SHD---- C:\Windows\Installer
2012-01-24 11:00:51 ----SHD---- C:\Config.Msi
2012-01-24 11:00:33 ----D---- C:\Windows\System32
2012-01-24 11:00:33 ----D---- C:\Windows
2012-01-24 11:00:16 ----HD---- C:\ProgramData
2012-01-24 11:00:15 ----RD---- C:\Program Files
2012-01-24 11:00:09 ----SHD---- C:\System Volume Information
2012-01-24 10:57:05 ----D---- C:\Windows\system32\config
2012-01-24 10:55:03 ----AD---- C:\Program Files\FunWebProducts
2012-01-24 10:50:22 ----D---- C:\ProgramData\MFAData
2012-01-24 10:49:04 ----D---- C:\ProgramData\AVG Secure Search
2012-01-24 10:48:07 ----D---- C:\Windows\inf
2012-01-24 10:38:30 ----D---- C:\Program Files\IObit
2012-01-24 10:34:00 ----D---- C:\Windows\Tasks
2012-01-24 10:34:00 ----D---- C:\Windows\system32\Tasks
2012-01-24 08:34:39 ----D---- C:\Program Files\LogMeIn Hamachi
2012-01-23 23:51:18 ----D---- C:\Windows\Microsoft.NET
2012-01-23 15:15:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-23 12:48:27 ----D---- C:\Windows\Minidump
2012-01-23 10:08:13 ----D---- C:\Users\Maminka\AppData\Roaming\Skype
2012-01-23 10:08:13 ----D---- C:\Users\Maminka\AppData\Roaming\BitTorrent
2012-01-23 09:38:09 ----D---- C:\Users\Maminka\AppData\Roaming\.minecraft
2012-01-22 15:39:07 ----D---- C:\Users\Maminka\AppData\Roaming\Uniblue
2012-01-22 14:41:23 ----D---- C:\Windows\system32\catroot
2012-01-22 14:41:20 ----D---- C:\Windows\system32\DriverStore
2012-01-21 15:04:55 ----D---- C:\Program Files\Adobe
2012-01-21 15:00:56 ----D---- C:\Windows\Cursors
2012-01-21 15:00:06 ----D---- C:\Program Files\Common Files\Adobe
2012-01-21 14:55:57 ----D---- C:\ProgramData\Adobe
2012-01-21 14:55:39 ----D---- C:\Users\Maminka\AppData\Roaming\Adobe
2012-01-21 14:49:48 ----D---- C:\Windows\system32\catroot2
2012-01-21 14:49:35 ----D---- C:\Windows\WindowsMobile
2012-01-21 14:47:04 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-21 14:43:25 ----D---- C:\Program Files\Winamp
2012-01-21 14:43:17 ----RD---- C:\Program Files\Skype
2012-01-21 14:34:42 ----D---- C:\Windows\system32\drivers\UMDF
2012-01-21 14:32:52 ----RSD---- C:\Windows\assembly
2012-01-21 14:32:39 ----SD---- C:\ProgramData\Microsoft
2012-01-21 14:31:47 ----DC---- C:\Windows\system32\DRVSTORE
2012-01-21 14:29:23 ----D---- C:\Program Files\Pcsx2
2012-01-20 17:45:00 ----D---- C:\Users\Maminka\AppData\Roaming\DAEMON Tools Lite
2012-01-19 19:38:13 ----D---- C:\ProgramData\AVG2012
2012-01-19 17:56:55 ----D---- C:\Program Files\DsNET Corp
2012-01-19 11:19:13 ----D---- C:\Users\Maminka\AppData\Roaming\GetRightToGo
2012-01-19 11:18:29 ----D---- C:\Downloads
2012-01-19 11:02:08 ----D---- C:\Program Files\Sony
2012-01-19 10:59:48 ----D---- C:\Program Files\Opera
2012-01-19 10:59:26 ----RSD---- C:\Windows\Fonts
2012-01-19 10:53:47 ----SHD---- C:\$Recycle.Bin
2012-01-14 12:08:25 ----SD---- C:\Users\Maminka\AppData\Roaming\Microsoft
2012-01-13 12:22:28 ----D---- C:\Windows\winsxs
2012-01-12 18:25:39 ----D---- C:\Windows\system32\NDF
2012-01-12 10:21:36 ----D---- C:\Windows\Prefetch
2012-01-12 09:30:22 ----D---- C:\Windows\debug
2012-01-12 09:10:01 ----D---- C:\ProgramData\Microsoft Help
2012-01-12 09:03:07 ----A---- C:\Windows\system32\MRT.exe
2012-01-12 09:02:46 ----D---- C:\Windows\ehome
2012-01-11 18:43:31 ----D---- C:\Program Files\ATI Technologies
2012-01-08 18:35:54 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-27 691696]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-12-17 229208]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 4450816]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-13 39272]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-04-03 10251904]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2005-10-13 8701824]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2011-11-04 82736]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2010-11-20 35968]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 733184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-19 909152]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-10-04 654848]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-28 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2009-07-14 71680]

-----------------EOF-----------------

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 11:17
od dominikvyt
Logfile of random's system information tool 1.09 (written by random/random)
Run by Maminka at 2012-01-24 11:03:14
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 85 GB (54%) free of 157 GB
Total RAM: 2047 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:52, on 24.1.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\vsnp325.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\Opera\opera.exe
C:\Users\Maminka\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Maminka.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102866&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF09A195-838F-4686-94D1-33C067E4BFC7}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

--
End of file - 9517 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\AutoKMSDaily.job
C:\Windows\tasks\AWC AutoSweep.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\DriverScanner.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Maminka\AppData\Roaming\Mozilla\Firefox\Profiles\ealo8oxb.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/?utm_source=ch-br ... _medium=ff"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =642886&p="

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@toolbar"=C:\ProgramData\AVG Secure Search\9.0.0.23\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
FlashGet3.xpi

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll

C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\Maminka\AppData\Roaming\Mozilla\Firefox\Profiles\ealo8oxb.default\extensions\
centrumpomocnik@centrum.cz
yasearch@yandex.ru
{800b5000-a755-47e1-992b-48a1c1357f07}
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Users\Maminka\AppData\Roaming\Mozilla\Firefox\Profiles\ealo8oxb.default\searchplugins\
askcom.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin.xml
sweetim.xml
ybqs-firmy.xml
ybqs-mapy.xml
ybqs-seznam.xml
ybqs-zbozi.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll [2012-01-24 1574240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-13 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll [2012-01-24 1574240]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll []
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe []
"snp325"=C:\Windows\vsnp325.exe [2006-10-10 827392]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MyWebSearch bar Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe /m []
"DriverScanner"=C:\Program Files\Uniblue\DriverScanner\launcher.exe [2011-10-20 338296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\CCleaner.exe [2011-10-21 2663232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Maminka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 137536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\Windows\FixCamera.exe [2007-02-12 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixMyRegistry]
C:\Program Files\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe [2011-06-16 3830424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe [2002-03-28 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
~C:\Program Files\ICQ7.6\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2011-05-13 4283256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w /h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-12-13 922976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe /m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
C:\Windows\vsnp325.exe [2006-10-10 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\Windows\vsnpstd3.exe [2005-09-05 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
C:\Windows\tsnp325.exe [2006-10-10 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
C:\Program Files\WebcamMax\WebcamMax.exe -a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Maminka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UnderWorld - Patcher.lnk]
[]

C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"VIDC.WMV3"=wmv9vcm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsvid.dll
"msacm.siren"=sirenacm.dll
"VIDC.FMVC"=fmcodec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-24 11:03:14 ----D---- C:\rsit
2012-01-24 11:01:04 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-01-24 11:01:03 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-01-24 11:00:56 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-01-24 11:00:56 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2012-01-24 11:00:54 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-01-24 11:00:54 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-01-24 11:00:33 ----A---- C:\Windows\system32\aswBoot.exe
2012-01-24 11:00:33 ----A---- C:\Windows\avastSS.scr
2012-01-24 11:00:16 ----D---- C:\ProgramData\AVAST Software
2012-01-24 11:00:15 ----D---- C:\Program Files\AVAST Software
2012-01-24 10:55:05 ----A---- C:\Program Files\Uninstall Fun Web Products.dll
2012-01-24 10:48:49 ----D---- C:\Program Files\AVG Secure Search
2012-01-24 10:11:07 ----D---- C:\Program Files\Trend Micro
2012-01-22 15:45:31 ----D---- C:\Program Files\ImgBurn
2012-01-21 18:41:09 ----AH---- C:\Windows\system32\hamachi.sys
2012-01-19 11:12:42 ----A---- C:\Windows\UC.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\RAR.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\PKZIP.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\PKUNZIP.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\NOCLOSE.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\LHA.PIF
2012-01-19 11:12:42 ----A---- C:\Windows\ARJ.PIF
2012-01-19 11:12:41 ----D---- C:\Users\Maminka\AppData\Roaming\GHISLER
2012-01-19 11:12:41 ----D---- C:\totalcmd
2012-01-11 22:09:02 ----D---- C:\5b36737c0a8874ffc6cce315
2012-01-11 18:44:29 ----D---- C:\Users\Maminka\AppData\Roaming\ATI
2012-01-11 18:44:29 ----D---- C:\ProgramData\ATI
2012-01-11 10:33:33 ----A---- C:\Windows\system32\ntdll.dll
2012-01-11 10:33:32 ----A---- C:\Windows\system32\packager.dll
2012-01-11 10:33:29 ----A---- C:\Windows\system32\quartz.dll
2012-01-11 10:33:29 ----A---- C:\Windows\system32\qdvd.dll
2012-01-10 18:38:26 ----D---- C:\ProgramData\VS
2012-01-08 18:43:38 ----HDC---- C:\ProgramData\{09CD02A5-5ACC-4B34-8513-DD8BE7C2BD49}
2012-01-08 18:41:09 ----D---- C:\Program Files\SmartTweak Software
2011-12-27 19:29:49 ----D---- C:\Users\Maminka\AppData\Roaming\Yandex
2011-12-27 19:28:28 ----A---- C:\Windows\system32\drivers\sptd.sys
2011-12-27 19:27:42 ----D---- C:\Program Files\DAEMON Tools Lite
2011-12-27 19:20:02 ----D---- C:\Program Files\Common Files\InstallShield

======List of files/folders modified in the last 1 month======

2012-01-24 11:01:33 ----D---- C:\Windows\Temp
2012-01-24 11:01:04 ----D---- C:\Windows\system32\drivers
2012-01-24 11:00:51 ----SHD---- C:\Windows\Installer
2012-01-24 11:00:51 ----SHD---- C:\Config.Msi
2012-01-24 11:00:33 ----D---- C:\Windows\System32
2012-01-24 11:00:33 ----D---- C:\Windows
2012-01-24 11:00:16 ----HD---- C:\ProgramData
2012-01-24 11:00:15 ----RD---- C:\Program Files
2012-01-24 11:00:09 ----SHD---- C:\System Volume Information
2012-01-24 10:57:05 ----D---- C:\Windows\system32\config
2012-01-24 10:55:03 ----AD---- C:\Program Files\FunWebProducts
2012-01-24 10:50:22 ----D---- C:\ProgramData\MFAData
2012-01-24 10:49:04 ----D---- C:\ProgramData\AVG Secure Search
2012-01-24 10:48:07 ----D---- C:\Windows\inf
2012-01-24 10:38:30 ----D---- C:\Program Files\IObit
2012-01-24 10:34:00 ----D---- C:\Windows\Tasks
2012-01-24 10:34:00 ----D---- C:\Windows\system32\Tasks
2012-01-24 08:34:39 ----D---- C:\Program Files\LogMeIn Hamachi
2012-01-23 23:51:18 ----D---- C:\Windows\Microsoft.NET
2012-01-23 15:15:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-23 12:48:27 ----D---- C:\Windows\Minidump
2012-01-23 10:08:13 ----D---- C:\Users\Maminka\AppData\Roaming\Skype
2012-01-23 10:08:13 ----D---- C:\Users\Maminka\AppData\Roaming\BitTorrent
2012-01-23 09:38:09 ----D---- C:\Users\Maminka\AppData\Roaming\.minecraft
2012-01-22 15:39:07 ----D---- C:\Users\Maminka\AppData\Roaming\Uniblue
2012-01-22 14:41:23 ----D---- C:\Windows\system32\catroot
2012-01-22 14:41:20 ----D---- C:\Windows\system32\DriverStore
2012-01-21 15:04:55 ----D---- C:\Program Files\Adobe
2012-01-21 15:00:56 ----D---- C:\Windows\Cursors
2012-01-21 15:00:06 ----D---- C:\Program Files\Common Files\Adobe
2012-01-21 14:55:57 ----D---- C:\ProgramData\Adobe
2012-01-21 14:55:39 ----D---- C:\Users\Maminka\AppData\Roaming\Adobe
2012-01-21 14:49:48 ----D---- C:\Windows\system32\catroot2
2012-01-21 14:49:35 ----D---- C:\Windows\WindowsMobile
2012-01-21 14:47:04 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-21 14:43:25 ----D---- C:\Program Files\Winamp
2012-01-21 14:43:17 ----RD---- C:\Program Files\Skype
2012-01-21 14:34:42 ----D---- C:\Windows\system32\drivers\UMDF
2012-01-21 14:32:52 ----RSD---- C:\Windows\assembly
2012-01-21 14:32:39 ----SD---- C:\ProgramData\Microsoft
2012-01-21 14:31:47 ----DC---- C:\Windows\system32\DRVSTORE
2012-01-21 14:29:23 ----D---- C:\Program Files\Pcsx2
2012-01-20 17:45:00 ----D---- C:\Users\Maminka\AppData\Roaming\DAEMON Tools Lite
2012-01-19 19:38:13 ----D---- C:\ProgramData\AVG2012
2012-01-19 17:56:55 ----D---- C:\Program Files\DsNET Corp
2012-01-19 11:19:13 ----D---- C:\Users\Maminka\AppData\Roaming\GetRightToGo
2012-01-19 11:18:29 ----D---- C:\Downloads
2012-01-19 11:02:08 ----D---- C:\Program Files\Sony
2012-01-19 10:59:48 ----D---- C:\Program Files\Opera
2012-01-19 10:59:26 ----RSD---- C:\Windows\Fonts
2012-01-19 10:53:47 ----SHD---- C:\$Recycle.Bin
2012-01-14 12:08:25 ----SD---- C:\Users\Maminka\AppData\Roaming\Microsoft
2012-01-13 12:22:28 ----D---- C:\Windows\winsxs
2012-01-12 18:25:39 ----D---- C:\Windows\system32\NDF
2012-01-12 10:21:36 ----D---- C:\Windows\Prefetch
2012-01-12 09:30:22 ----D---- C:\Windows\debug
2012-01-12 09:10:01 ----D---- C:\ProgramData\Microsoft Help
2012-01-12 09:03:07 ----A---- C:\Windows\system32\MRT.exe
2012-01-12 09:02:46 ----D---- C:\Windows\ehome
2012-01-11 18:43:31 ----D---- C:\Program Files\ATI Technologies
2012-01-08 18:35:54 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-27 691696]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-12-17 229208]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 4450816]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-13 39272]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-04-03 10251904]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2005-10-13 8701824]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2011-11-04 82736]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2010-11-20 35968]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 733184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-19 909152]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-10-04 654848]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-28 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2009-07-14 71680]

-----------------EOF-----------------

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 11:20
od vyosek
:arrow: Jeste odinstalujte ICQ Toolbar

:arrow: Mohu mit dotaz, proc si bezny uzivatel kupuje nejvyssi licenci Windows Ultimate, ktera je urcena spise pro velke korporace, kdyz stejne nevyuzije nic vic nez nabizi verze Home Premium :???:

:arrow: Stahnete na plochu CKScanner
  • Spustte a kliknete na Search for files
  • Po dokonceni skenu kliknete na Save List to File a nasledne OK
  • Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte
:arrow: Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Ukoncete vsechny programy
  • Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
  • Zvolte moznost 2 a potvrte enterem
  • Utilita provede svou cinnost a da log - ten sem vlozte
  • Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 11:32
od dominikvyt
1.Hotovo
2.Až tak běžny uživatel nejsem mam znalosti v Html/Php Webdesign Visual Basic
3
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\multi unlock client\palm pre\prepassthroughkeygen.exe
scanner sequence 3.NA.11.LPABRT
----- EOF -----
4.
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Maminka [Admin rights]
Mode: Scan -- Date : 01/24/2012 11:30:27

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] vsnp325.exe -- C:\Windows\vsnp325.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : snp325 (C:\Windows\vsnp325.exe) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CF09A195-838F-4686-94D1-33C067E4BFC7} : NameServer (62.129.50.20,85.135.32.100) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{CF09A195-838F-4686-94D1-33C067E4BFC7} : NameServer (62.129.50.20,85.135.32.100) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ffb45393b5ecee577a6b263cd4d43c9a
[BSP] 9456e8eeaa7b9a0e5db37aab116f3b92 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 164686 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



:))

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 11:34
od vyosek
:arrow: vse zvladne verze Home, Ultimate je spise pro administratory a spravce velky siti spolecnosti atd...

:arrow: Zeptam se jinak, mate jej legalni = zakoupena licence :???:

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 11:35
od dominikvyt
Ano mam a nešlo byto z ultimate na home premiumj nebo něco takoveho:)?

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 11:36
od vyosek
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 11:37
od vyosek
A proc chcete z te zakoupene licence prechazet na nizsi - vsak jste psal ze jeho funkce vyuzijete, ze nejste jen bezny user :?:

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 12:20
od dominikvyt
wow pod louhe době jsem z5:)) na konci jse mi zavřel explorer.exe a už neotevřel musel jsem ho sam otevřit
ve spravce uloh:))



ComboFix 12-01-23.02 - Maminka 24.01.2012 11:46:47.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.2047.1227 [GMT 1:00]
Spuštěný z: C:\Users\Maminka\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Uninstall Fun Web Products.dll
C:\Users\Maminka\AppData\Roaming\5D05.tmp
C:\Users\Maminka\AppData\Roaming\61FD.exe
C:\Users\Maminka\AppData\Roaming\69B8.exe
C:\Users\Maminka\AppData\Roaming\7106.tmp
C:\Users\Maminka\AppData\Roaming\7A14.exe
C:\Users\Maminka\AppData\Roaming\AC62.tmp
C:\Windows\iun6002.exe
C:\Windows\pkunzip.pif
C:\Windows\pkzip.pif


((((((((((((((((((((((((( Soubory vytvořené od 2011-12-24 do 2012-01-24 )))))))))))))))))))))))))))))))


2012-01-24 11:06:49 . 2012-01-24 11:07:25 -------- d-----w- C:\Users\Maminka\AppData\Local\temp
2012-01-24 11:06:49 . 2012-01-24 11:06:49 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-01-24 10:29:51 . 2012-01-24 10:30:46 111872 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
2012-01-22 14:45:31 . 2012-01-22 14:45:31 -------- d-----w- C:\Program Files\ImgBurn
2012-01-21 17:41:09 . 2009-03-18 16:35:40 26176 ---ha-w- C:\Windows\system32\hamachi.sys
2012-01-20 16:43:38 . 2012-01-20 16:43:38 0 ---ha-w- C:\Users\Maminka\AppData\Local\BIT1E79.tmp
2012-01-19 10:14:58 . 2012-01-19 10:14:58 -------- d-----w- C:\Users\Maminka\AppData\Local\GHISLER
2012-01-19 10:12:42 . 2010-12-17 06:56:10 545 ----a-w- C:\Windows\UC.PIF
2012-01-19 10:12:42 . 2010-12-17 06:56:10 545 ----a-w- C:\Windows\RAR.PIF
2012-01-19 10:12:42 . 2010-12-17 06:56:10 545 ----a-w- C:\Windows\NOCLOSE.PIF
2012-01-19 10:12:42 . 2010-12-17 06:56:10 545 ----a-w- C:\Windows\LHA.PIF
2012-01-19 10:12:42 . 2010-12-17 06:56:10 545 ----a-w- C:\Windows\ARJ.PIF
2012-01-19 10:12:41 . 2012-01-19 10:13:32 -------- d-----w- C:\totalcmd
2012-01-19 10:12:41 . 2012-01-19 10:12:41 -------- d-----w- C:\Users\Maminka\AppData\Roaming\GHISLER
2012-01-11 21:09:02 . 2012-01-11 21:09:02 -------- d-----w- C:\5b36737c0a8874ffc6cce315
2012-01-11 17:44:29 . 2012-01-11 17:44:29 -------- d-----w- C:\Users\Maminka\AppData\Roaming\ATI
2012-01-11 17:44:29 . 2012-01-11 17:44:29 -------- d-----w- C:\ProgramData\ATI
2012-01-11 17:44:28 . 2012-01-11 17:44:29 -------- d-----w- C:\Users\Maminka\AppData\Local\ATI
2012-01-11 09:33:33 . 2011-11-17 05:38:39 1288472 ----a-w- C:\Windows\system32\ntdll.dll
2012-01-11 09:33:32 . 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\system32\packager.dll
2012-01-11 09:33:29 . 2011-10-26 04:32:11 514560 ----a-w- C:\Windows\system32\qdvd.dll
2012-01-11 09:33:29 . 2011-10-26 04:32:11 1328128 ----a-w- C:\Windows\system32\quartz.dll
2012-01-10 17:38:26 . 2012-01-10 17:38:26 -------- d-----w- C:\ProgramData\VS
2012-01-08 17:43:38 . 2012-01-08 17:43:39 -------- dc-h--w- C:\ProgramData\{09CD02A5-5ACC-4B34-8513-DD8BE7C2BD49}
2012-01-08 17:42:10 . 2012-01-08 17:42:10 -------- d-----w- C:\Users\Maminka\AppData\Local\APN
2012-01-08 17:41:09 . 2012-01-21 13:38:34 -------- d-----w- C:\Program Files\SmartTweak Software
2012-01-08 17:40:46 . 2012-01-08 17:40:46 -------- d-----w- C:\Users\Maminka\AppData\Local\PackageAware
2011-12-27 18:29:50 . 2011-12-27 18:29:58 -------- d-----w- C:\Users\Maminka\AppData\Local\Yandex
2011-12-27 18:29:49 . 2012-01-19 09:56:27 -------- d-----w- C:\Users\Maminka\AppData\Roaming\Yandex
2011-12-27 18:28:28 . 2011-12-27 18:28:28 691696 ----a-w- C:\Windows\system32\drivers\sptd.sys
2011-12-27 18:27:42 . 2011-12-27 18:30:17 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2011-12-27 18:20:02 . 2012-01-21 13:46:15 -------- d-----w- C:\Program Files\Common Files\InstallShield
2011-12-26 16:36:55 . 2011-12-26 16:36:55 -------- d-----r- C:\Users\Maminka\Podcasts
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-01-20 07:38:21 . 2011-08-03 13:09:46 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-01-10 17:47:21 . 2011-07-31 13:07:44 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-12-17 10:38:38 . 2011-12-17 10:38:38 229208 ----a-w- C:\Windows\system32\drivers\VMM.sys
2011-12-15 07:37:21 . 2011-12-15 07:37:21 165232 ---ha-w- C:\Users\Maminka\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-12-14 10:00:47 . 2011-12-14 10:00:47 307200 ----a-w- C:\Users\Maminka\AppData\Roaming\CD69.exe
2011-12-14 10:00:42 . 2011-12-14 10:00:42 69632 ----a-w- C:\Users\Maminka\AppData\Roaming\BACB.exe
2011-12-13 17:29:43 . 2011-12-13 17:29:43 307200 ----a-w- C:\Users\Maminka\AppData\Roaming\A1DE.exe
2011-12-13 07:29:03 . 2002-03-28 14:09:42 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2011-12-12 12:15:11 . 2011-03-28 17:36:46 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-01 15:37:42 . 2011-12-01 15:37:42 253952 ------w- C:\Windows\Setup1.exe
2011-12-01 15:37:35 . 2011-12-01 15:37:35 73728 ----a-w- C:\Windows\ST6UNST.EXE
2011-11-24 04:25:27 . 2011-12-15 07:13:53 2342912 ----a-w- C:\Windows\system32\win32k.sys
2011-11-21 10:47:38 . 2011-12-16 13:38:28 6823496 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF202A8E-CA9B-48B1-947B-56CB9E24EDF3}\mpengine.dll
2011-11-17 05:41:52 . 2001-12-31 23:08:16 67440 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2011-11-17 05:41:51 . 2001-12-31 23:08:18 134000 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2011-11-17 05:39:24 . 2001-12-31 23:08:17 369352 ----a-w- C:\Windows\system32\drivers\cng.sys
2011-11-17 05:35:02 . 2001-12-31 23:08:13 314880 ----a-w- C:\Windows\system32\webio.dll
2011-11-17 05:34:55 . 2001-12-31 23:08:13 100352 ----a-w- C:\Windows\system32\sspicli.dll
2011-11-17 05:34:55 . 2001-12-31 23:08:12 15872 ----a-w- C:\Windows\system32\sspisrv.dll
2011-11-17 05:34:52 . 2001-12-31 23:08:19 224768 ----a-w- C:\Windows\system32\schannel.dll
2011-11-17 05:34:52 . 2001-12-31 23:08:12 22016 ----a-w- C:\Windows\system32\secur32.dll
2011-11-17 05:32:51 . 2001-12-31 23:08:18 1038848 ----a-w- C:\Windows\system32\lsasrv.dll
2011-11-17 05:29:50 . 2001-12-31 23:08:14 22528 ----a-w- C:\Windows\system32\lsass.exe
2011-11-10 14:35:20 . 2009-06-18 12:58:36 348160 ----a-w- C:\Windows\system32\msvcr71.dll
2011-11-10 14:35:19 . 2009-06-18 12:58:36 499712 ----a-w- C:\Windows\system32\msvcp71.dll
2011-11-05 04:26:03 . 2011-12-15 07:14:13 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-11-04 12:42:02 . 2011-12-15 09:42:25 158512 ----a-w- C:\Windows\system32\drivers\VBoxDrv.sys
2011-11-04 12:42:02 . 2011-12-15 09:42:12 91440 ----a-w- C:\Windows\system32\drivers\VBoxUSBMon.sys
2011-11-04 12:42:02 . 2011-11-04 12:42:02 82736 ----a-w- C:\Windows\system32\drivers\VBoxUSB.sys
2011-11-04 12:42:02 . 2011-11-04 12:42:02 104752 ----a-w- C:\Windows\system32\drivers\VBoxNetAdp.sys
2011-11-03 22:47:42 . 2011-12-15 15:59:39 1798144 ----a-w- C:\Windows\system32\jscript9.dll
2011-11-03 22:40:21 . 2011-12-15 15:59:33 1427456 ----a-w- C:\Windows\system32\inetcpl.cpl
2011-11-03 22:39:47 . 2011-12-15 15:59:37 1127424 ----a-w- C:\Windows\system32\wininet.dll
2011-11-03 22:31:57 . 2011-12-15 15:59:41 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2011-12-21 07:39:32 . 2011-09-30 19:29:04 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-24 09:48:49 1574240 ----a-w- C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-24 09:48:49 1574240]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01:17 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="C:\Program Files\Uniblue\DriverScanner\launcher.exe" [2011-10-20 13:43:56 338296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]
"snp325"="C:\Windows\vsnp325.exe" [2006-10-10 13:11:08 827392]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 22:32:54 61440]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-11-28 18:01:24 3744552]

C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Maminka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UnderWorld - Patcher.lnk]
path=C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UnderWorld - Patcher.lnk
backup=C:\Windows\pss\UnderWorld - Patcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37:53 843712 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2011-10-21 18:30:06 2663232 ----a-w- C:\Program Files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57:08 369200 ----a-w- C:\Program Files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-11-18 18:25:48 137536 ----atw- C:\Users\Maminka\AppData\Local\Facebook\Update\FacebookUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 13:50:40 20480 ----a-w- C:\Windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixMyRegistry]
2011-06-16 12:37:33 3830424 ----a-w- C:\Program Files\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2002-03-28 14:14:29 136176 ----atw- C:\Users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 15:03:34 4283256 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2011-12-13 16:42:08 922976 ----a-w- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
2006-10-10 13:11:08 827392 ----a-w- C:\Windows\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2005-09-05 20:55:08 339968 ----a-w- C:\Windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
2006-10-10 14:49:42 270336 ----a-w- C:\Windows\tsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21:28 648072 ----a-w- C:\Windows\WindowsMobile\wmdcBase.exe

R2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 07:12:23 136176]
R3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 07:12:23 136176]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 20:37:50 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 10:21:14 15872]
R3 SNP325;USB PC Camera (SNPSTD325);C:\Windows\system32\DRIVERS\snp325.sys [2007-04-03 12:55:26 10251904]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 11:05:55 25088]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 03:08:48 47128]
R4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 01:09:28 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 01:23:24 366936]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2011-12-27 18:28:28 691696]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 10:55:28 64952]
S2 Application Updater;Application Updater;C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-12-14 12:13:28 748440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 15:18:10 1361288]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSNX
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - TRUESIGHT
*Deregistered* - eamon
*Deregistered* - ehdrv
*Deregistered* - epfw
*Deregistered* - epfwtdi
*Deregistered* - StarOpen
*Deregistered* - TrueSight

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

Obsah adresáře 'Naplánované úlohy'

2012-01-24 C:\Windows\Tasks\DriverScanner.job
- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2002-01-01 00:12:28 . 2011-10-20 13:43:56]

2012-01-23 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000Core.job
- C:\Users\Maminka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 18:25:50 . 2011-11-18 18:25:48]

2012-01-24 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000UA.job
- C:\Users\Maminka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 18:25:50 . 2011-11-18 18:25:48]

2012-01-24 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 07:12:46 . 2011-10-15 07:12:23]

2012-01-24 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 07:12:46 . 2011-10-15 07:12:23]

2012-01-24 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000Core.job
- C:\Users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe [2002-03-28 14:14:31 . 2002-03-28 14:14:29]

2012-01-24 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2211703723-3948256759-4122604311-1000UA.job
- C:\Users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe [2002-03-28 14:14:31 . 2002-03-28 14:14:29]


------- Doplňkový sken -------

uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: ????3?? - C:\Users\Maminka\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - C:\Users\Maminka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
TCP: Interfaces\{CF09A195-838F-4686-94D1-33C067E4BFC7}: NameServer = 62.129.50.20,85.135.32.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - C:\Users\Maminka\AppData\Roaming\Mozilla\Firefox\Profiles\ealo8oxb.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?utm_source=ch-browser&utm_medium=ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
pref('extensions.autoDisableScopes',0);
pref('extensions.shownSelectionUI',true);
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
HKCU-Run-SmartRAM - C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
HKLM-Run-vProt - C:\Program Files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_dec12 - C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-RunOnce-MyWebSearch bar Uninstall - C:\PROGRA~1\UNINST~1.DLL
MSConfigStartUp-ICQ - ~C:\Program Files\ICQ7.6\ICQ.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-SmartRAM - C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
MSConfigStartUp-WebcamMaxAutoRun - C:\Program Files\WebcamMax\WebcamMax.exe
AddRemove-Cool's_Codec_pack_4.12 - C:\Windows\iun6002.exe
AddRemove-CraftBukkit - C:\Users\Maminka\Desktop\Minecraft\Server\Uninstall.exe
AddRemove-Hamachi - C:\Program Files\Hamachi\uninstall.exe

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 12:29
od vyosek
:arrow: CF nejak nemakal jak mel, tak jej nebudem pokouset a vezmem to necim jinym

:arrow: Stahnete OTL (viz muj podpis) a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Re: Trojsky kuň Dropper.Generic5

Napsal: 24 led 2012 13:18
od dominikvyt
zatim stale čekam ani se ještě nezamodřil ani začatek:)) už min 20min se mi zda:))
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz