How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 01 Mar 2012 19:10
by Mira
ComboFix log

ComboFix 12-03-01.01 - Mirek 01.03.2012 18:07:42.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4095.2702 [GMT 1:00]
Spuštěný z: c:\work\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Public\{17314228-173E-4057-AC9F-E653543A20C7}.sys
c:\windows\SysWow64\skinboxer43.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_{17314228-173E-4057-AC9F-E653543A20C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-01 do 2012-03-01 )))))))))))))))))))))))))))))))
.
.
2012-03-01 17:12 . 2012-03-01 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-01 17:04 . 2012-03-01 17:04 -------- d-----w- C:\rsit
2012-03-01 17:04 . 2012-03-01 17:04 -------- d-----w- c:\program files\trend micro
2012-03-01 00:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-01 00:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-01 00:33 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 00:33 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-29 22:03 . 2012-02-23 16:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-29 22:03 . 2012-02-23 16:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-29 22:03 . 2012-02-23 16:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-29 22:03 . 2012-02-23 16:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-29 22:03 . 2012-02-23 16:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-29 22:03 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-29 22:03 . 2012-02-23 16:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-29 22:03 . 2012-02-23 16:23 41184 ----a-w- c:\windows\avastSS.scr
2012-02-29 22:03 . 2012-02-23 16:23 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-29 22:03 . 2012-02-29 22:03 -------- d-----w- c:\programdata\AVAST Software
2012-02-29 22:03 . 2012-02-29 22:03 -------- d-----w- c:\program files\AVAST Software
2012-02-29 21:43 . 2012-02-29 21:47 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys
2012-02-29 21:41 . 2012-02-29 21:41 70088 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2012-02-29 21:40 . 2008-02-22 17:54 19496 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-29 21:40 . 2008-02-22 17:54 126312 ----a-w- c:\windows\system32\GEARASpi64.dll
2012-02-29 21:40 . 2012-02-29 21:40 33736 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2012-02-29 21:40 . 2012-02-29 22:02 -------- d-----w- c:\programdata\G DATA
2012-02-29 21:40 . 2012-02-29 21:40 48584 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2012-02-29 21:40 . 2012-02-29 22:02 -------- d-----w- c:\program files (x86)\Common Files\G DATA
2012-02-29 21:39 . 2012-02-29 21:39 -------- d-----w- c:\users\Mirek\AppData\Local\Downloaded Installations
2012-02-29 13:22 . 2012-02-29 13:22 -------- d-----w- c:\users\Mirek\AppData\Local\ESET
2012-02-29 13:10 . 2012-03-01 00:30 -------- d-----w- c:\users\Mirek\AppData\Local\ElevatedDiagnostics
2012-02-27 20:50 . 2012-02-27 20:50 -------- d-----w- c:\program files\Recuva
2012-02-25 14:18 . 2012-02-25 15:22 -------- d-----w- c:\users\Mirek\AppData\Roaming\Hamachi
2012-02-25 14:17 . 2012-02-25 14:17 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-02-25 14:17 . 2012-02-25 14:27 -------- d-----w- c:\program files (x86)\Hamachi
2012-02-25 12:55 . 2012-02-25 12:55 -------- d-----w- c:\users\Mirek\AppData\Local\GameSpy
2012-02-25 12:54 . 2012-02-25 13:03 -------- d-----w- c:\users\Mirek\AppData\Local\ApplicationHistory
2012-02-23 23:27 . 2012-02-23 23:32 -------- d-----w- c:\users\Mirek\AppData\Roaming\foobar2000
2012-02-23 15:14 . 2005-06-01 11:15 966144 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2012-02-23 15:14 . 2005-06-01 11:11 877568 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2012-02-23 15:14 . 2004-03-08 23:00 609824 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
2012-02-23 15:14 . 2003-05-15 11:07 389120 ----a-w- c:\windows\SysWow64\actskn43.ocx
2012-02-23 15:14 . 2002-04-07 21:14 724992 ----a-w- c:\windows\SysWow64\ebCrypt.dll
2012-02-23 15:14 . 2000-01-28 12:58 102400 ----a-w- c:\windows\SysWow64\ccrpprg6.ocx
2012-02-22 22:49 . 2012-02-22 22:49 -------- d-----w- c:\users\Mirek\AppData\Roaming\Stealth Software
2012-02-22 21:54 . 2012-02-22 21:54 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-22 21:07 . 2012-02-22 21:07 -------- d-----w- c:\users\Mirek\AppData\Local\eMule
2012-02-22 21:07 . 2012-02-22 21:07 -------- d-----w- c:\programdata\eMule
2012-02-22 20:35 . 2012-02-22 20:35 -------- d-----w- c:\users\Mirek\AppData\Roaming\Malwarebytes
2012-02-22 20:35 . 2012-02-22 20:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-22 20:35 . 2012-02-22 20:35 -------- d-----w- c:\programdata\Malwarebytes
2012-02-22 20:35 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 16:22 . 2012-02-27 21:04 -------- d-----w- c:\program files\CCleaner
2012-02-17 13:34 . 2012-02-18 02:13 -------- d-----w- c:\users\Mirek\AppData\Roaming\Media Finder
2012-02-17 13:33 . 2012-02-17 13:33 237 ----a-w- C:\user.js
2012-02-17 13:33 . 2012-02-17 13:33 -------- d-----w- c:\users\Mirek\AppData\Roaming\Babylon
2012-02-17 13:33 . 2012-02-17 13:33 -------- d-----w- c:\users\Mirek\AppData\Local\Babylon
2012-02-17 13:33 . 2012-02-17 13:33 -------- d-----w- c:\programdata\Babylon
2012-02-16 20:38 . 2012-02-29 21:39 430 ----a-w- c:\users\Public\{17314228-173E-4057-AC9F-E653543A20C7}.pif
2012-02-16 17:03 . 2012-02-16 17:03 -------- d-----w- c:\users\Mirek\AppData\Local\Shareaza
2012-02-16 17:03 . 2012-02-23 12:30 -------- d-----w- c:\users\Mirek\AppData\Roaming\Shareaza
2012-02-16 14:49 . 2012-02-16 14:49 -------- d-----w- c:\users\Mirek\AppData\Local\EA Games
2012-02-16 14:41 . 2012-02-16 14:41 -------- d-----w- c:\program files (x86)\EA Games
2012-02-16 14:25 . 2012-02-16 14:25 -------- d--h--r- c:\users\Mirek\AppData\Roaming\SecuROM
2012-02-16 14:25 . 2012-02-16 14:25 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-02-16 14:24 . 2012-02-24 17:27 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-16 14:24 . 2012-02-24 17:27 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-16 14:24 . 2012-02-16 14:24 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-13 18:59 . 2012-02-14 21:09 -------- d-----w- c:\program files (x86)\Need for Speed The Run
2012-02-13 18:57 . 2012-02-13 18:57 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-13 18:56 . 2012-02-13 18:57 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-12 12:56 . 2012-02-12 12:58 -------- d-----w- c:\users\Mirek\AppData\Local\Rockstar Games
2012-02-12 12:49 . 2012-02-12 12:49 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-12 12:43 . 2012-02-12 12:43 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-02-12 12:22 . 2012-02-12 12:23 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-02-11 14:58 . 2012-02-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-02-11 14:57 . 2012-02-11 14:57 -------- d-----w- c:\program files (x86)\Futuremark
2012-02-11 14:07 . 2012-02-11 14:09 -------- d-----w- C:\aaa
2012-02-11 14:02 . 2012-02-11 14:02 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-02-11 13:21 . 2012-02-11 13:21 -------- d-----w- c:\program files (x86)\Setup Files
2012-02-10 18:58 . 2012-02-10 19:13 -------- d-----w- c:\program files (x86)\BitLord
2012-02-10 17:39 . 2012-02-10 17:41 -------- d-----w- c:\program files (x86)\Mafia II
2012-02-10 17:35 . 2012-02-10 17:35 -------- d-----w- c:\users\Mirek\AppData\Roaming\TeamViewer
2012-02-10 17:03 . 2012-02-10 17:03 -------- d-----w- c:\programdata\Solidshield
2012-02-10 14:07 . 2012-02-10 14:07 -------- d-----w- c:\users\Mirek\AppData\Local\4A Games
2012-02-10 13:12 . 2012-02-10 13:19 -------- d-----w- c:\program files (x86)\METRO 2033
2012-02-09 23:41 . 2012-02-09 23:41 -------- d-----w- c:\users\Mirek\AppData\Local\2K Games
2012-02-09 23:33 . 2012-02-09 23:33 -------- d-----w- c:\program files (x86)\2K Games
2012-02-09 14:57 . 2012-02-09 15:38 -------- d-----w- c:\program files (x86)\RAR Password Unlocker
2012-02-09 14:35 . 2012-02-09 15:37 -------- d-----w- c:\program files (x86)\ElcomSoft
2012-02-08 19:36 . 2012-02-20 17:05 -------- d-----w- c:\program files (x86)\Battlefield 3
2012-02-07 23:29 . 2012-02-07 23:29 -------- d-----w- c:\users\Mirek\AppData\Local\FlatOut Ultimate Carnage
2012-02-07 23:23 . 2012-02-07 23:23 -------- d-----w- c:\windows\SysWow64\xlive
2012-02-07 23:22 . 2012-02-07 23:22 -------- d-----w- c:\program files (x86)\Empire Interactive
2012-02-07 15:15 . 2012-02-07 15:15 -------- d-----w- c:\windows\Sun
2012-02-07 10:44 . 2012-02-29 22:02 -------- d-----w- c:\windows\system32\appmgmt
2012-02-07 09:48 . 2012-02-07 09:48 -------- d-----w- c:\users\Mirek\AppData\Local\Nero
2012-02-07 09:43 . 2012-02-07 09:43 -------- d-----w- c:\users\Mirek\AppData\Roaming\Nero
2012-02-07 09:37 . 2012-02-07 10:01 -------- d-----w- c:\users\Mirek\AppData\Local\Ahead
2012-02-07 09:36 . 2012-02-07 09:36 -------- d-----w- c:\programdata\Nero
2012-02-07 09:36 . 2012-02-07 09:36 -------- d-----w- c:\program files (x86)\Nero
2012-02-07 09:36 . 2012-02-07 09:36 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-02-07 09:30 . 2012-02-11 14:30 -------- d-----w- c:\program files (x86)\AskTBar
2012-02-07 09:15 . 2012-02-07 09:15 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-06 17:43 . 2012-02-06 18:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-02-06 17:43 . 2012-02-06 17:48 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-02-06 17:36 . 2012-02-06 18:03 -------- d-----w- c:\program files (x86)\StarCraft II
2012-02-05 20:19 . 2012-02-05 20:19 -------- d-----w- c:\users\Mirek\AppData\Roaming\Day 1 Studios
2012-02-05 20:19 . 2012-02-05 20:19 -------- d-----w- c:\users\Mirek\AppData\Local\SKIDROW
2012-02-05 20:15 . 2012-02-05 20:15 -------- d-----w- c:\program files (x86)\F.E.A.R. 3
2012-02-05 20:08 . 2012-02-05 20:08 -------- d-----w- c:\programdata\EA Core
2012-02-04 23:51 . 2012-02-04 23:51 -------- d-----w- c:\program files (x86)\Ubisoft
2012-02-04 14:00 . 2012-02-04 14:00 -------- d-----w- c:\users\Mirek\AppData\Roaming\Canneverbe Limited
2012-02-04 14:00 . 2012-02-04 14:00 -------- d-----w- c:\programdata\Canneverbe Limited
2012-02-04 13:48 . 2009-02-02 16:50 36864 ------w- c:\windows\Algouinstall.exe
2012-02-04 13:48 . 2012-02-04 13:48 -------- d-----w- c:\program files (x86)\Algorithmix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 03:30 . 2012-01-29 03:30 2897 ----a-w- c:\windows\SysWow64\sdbackup.reg
2012-01-25 17:59 . 2012-01-22 08:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-24 16:57 . 2012-01-24 16:57 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-24 16:57 . 2012-01-24 16:57 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-22 09:00 . 2012-01-22 09:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-14 10:00 . 2012-01-14 10:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-14 10:00 . 2012-01-14 10:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-14 10:00 . 2012-01-14 10:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-14 10:00 . 2012-01-14 10:00 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-14 10:00 . 2012-01-14 10:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-14 10:00 . 2012-01-14 10:00 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-14 10:00 . 2012-01-14 10:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-14 10:00 . 2012-01-14 10:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-14 10:00 . 2012-01-14 10:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-14 10:00 . 2012-01-14 10:00 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-14 10:00 . 2012-01-14 10:00 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-14 10:00 . 2012-01-14 10:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-14 10:00 . 2012-01-14 10:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-14 10:00 . 2012-01-14 10:00 448512 ----a-w- c:\windows\system32\html.iec
2012-01-14 10:00 . 2012-01-14 10:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-14 10:00 . 2012-01-14 10:00 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-14 10:00 . 2012-01-14 10:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-14 10:00 . 2012-01-14 10:00 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-14 10:00 . 2012-01-14 10:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-14 10:00 . 2012-01-14 10:00 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-14 10:00 . 2012-01-14 10:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-14 10:00 . 2012-01-14 10:00 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-14 10:00 . 2012-01-14 10:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-14 10:00 . 2012-01-14 10:00 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-14 10:00 . 2012-01-14 10:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-14 10:00 . 2012-01-14 10:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-14 10:00 . 2012-01-14 10:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-14 10:00 . 2012-01-14 10:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-14 10:00 . 2012-01-14 10:00 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-14 10:00 . 2012-01-14 10:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-14 10:00 . 2012-01-14 10:00 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-14 10:00 . 2012-01-14 10:00 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-14 10:00 . 2012-01-14 10:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-14 10:00 . 2012-01-14 10:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-14 08:48 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-01-14 08:48 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-01-14 08:48 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-01-14 08:48 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-01-14 08:48 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-11-10 03:16 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-11-10 03:15 933888 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-11-10 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2011-11-10 02:51 7520768 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-11-10 02:40 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-12-06 02:33 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-11-10 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-11-10 02:18 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-11-10 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-11-10 02:11 42496 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-11-10 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-11-10 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-12-06 02:11 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-12-05 21:04 . 2011-12-05 21:04 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-12-05 21:04 . 2011-12-05 21:04 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-12-05 21:03 . 2011-12-05 21:03 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-12-05 21:03 . 2011-12-05 21:03 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-12-05 21:03 . 2011-12-05 21:03 17580544 ----a-w- c:\windows\system32\amdocl64.dll
2011-12-05 21:03 . 2011-12-05 21:03 14499328 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-01-14 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-01-14 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTC Home"="c:\users\Mirek\AppData\Roaming\Stealth Software\HTC Home\HTCHome (x64).exe" [2012-02-22 265216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Mirek\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-09 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-21 14136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF16875.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=920583560000000000006c626dc08fe9
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\x1yvrhx2.default\
FF - user.js: extensions.BabylonToolbar_i.id - 920583560000000000006c626dc08fe9
FF - user.js: extensions.BabylonToolbar_i.hardId - 920583560000000000006c626dc08fe9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:33
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} - c:\program files\Realtek\Audio\HDA\RtlUpd64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4142652493-215447543-3548880870-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-03-01 18:19:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-01 17:19
.
Před spuštěním: Volných bajtů: 595 920 605 184
Po spuštění: Volných bajtů: 595 540 328 448
.
- - End Of File - - 6A9D825C83E6318336D8238E5BA36186

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 01 Mar 2012 19:10
by Mira
and the RSIT log

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mirek at 2012-03-01 18:04:03
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 568 GB (60%) free of 954 GB
Total RAM: 4095 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:04:10, on 1.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Desktop Lighter\DLighter.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Mirek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss ... 626dc08fe9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Mirek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [HTC Home] "C:\Users\Mirek\AppData\Roaming\Stealth Software\HTC Home\HTCHome (x64).exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - (no file)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8452 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Users\Mirek\AppData\Roaming\Stealth Software\HTC Home\HTCHome (x64).exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1080.f026d50.1132757600 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 1080 "\\.\pipe\gecko-crash-server-pipe.1080" plugin
"C:\Program Files (x86)\Desktop Lighter\DLighter.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3828 CREDAT:145409
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3828 CREDAT:145410
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3828 CREDAT:145412
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3828 CREDAT:145413
"C:\Windows\system32\notepad.exe"
"C:\Work\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\x1yvrhx2.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\x1yvrhx2.default\extensions\
ffxtlbr@babylon.com
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{77d2ed30-4cd2-11e0-b8af-0800200c9a66}

C:\Users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\x1yvrhx2.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-02-23 1201464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-01-22 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-02-23 998560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Mirek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-10-06 142288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-22 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-02-23 1201464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-02-23 998560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HTC Home"=C:\Users\Mirek\AppData\Roaming\Stealth Software\HTC Home\HTCHome (x64).exe [2012-02-22 265216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Finder]
C:\Program Files (x86)\Media Finder\MF.exe /opentotray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-12-05 343168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^{17314228-173E-4057-AC9F-E653543A20C7}.lnk]
C:\Users\Public\{17314228-173E-4057-AC9F-E653543A20C7}.dll,AppStartup CommonStartup []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-02-23 4031368]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2012-03-01 18:04:03 ----D---- C:\rsit
2012-03-01 18:04:03 ----D---- C:\Program Files\trend micro
2012-03-01 01:40:56 ----A---- C:\Windows\system32\MRT.exe
2012-03-01 01:40:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-03-01 01:40:24 ----A---- C:\Windows\system32\mshtmled.dll
2012-03-01 01:40:23 ----A---- C:\Windows\system32\iertutil.dll
2012-03-01 01:40:22 ----A---- C:\Windows\SYSWOW64\url.dll
2012-03-01 01:40:22 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-03-01 01:40:22 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-03-01 01:40:22 ----A---- C:\Windows\system32\url.dll
2012-03-01 01:40:22 ----A---- C:\Windows\system32\jscript9.dll
2012-03-01 01:40:21 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-03-01 01:40:21 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-03-01 01:40:21 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-03-01 01:40:21 ----A---- C:\Windows\system32\jscript.dll
2012-03-01 01:40:21 ----A---- C:\Windows\system32\ieui.dll
2012-03-01 01:40:20 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-03-01 01:40:20 ----A---- C:\Windows\system32\urlmon.dll
2012-03-01 01:40:20 ----A---- C:\Windows\system32\jsproxy.dll
2012-03-01 01:40:19 ----A---- C:\Windows\system32\wininet.dll
2012-03-01 01:40:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-03-01 01:40:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-03-01 01:40:16 ----A---- C:\Windows\system32\mshtml.dll
2012-03-01 01:40:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-03-01 01:40:14 ----A---- C:\Windows\system32\ieframe.dll
2012-03-01 01:33:08 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-03-01 01:33:08 ----A---- C:\Windows\system32\msvcrt.dll
2012-03-01 01:33:07 ----A---- C:\Windows\system32\win32k.sys
2012-03-01 01:33:07 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-29 23:03:24 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-02-29 23:03:24 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-02-29 23:03:23 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-02-29 23:03:23 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-02-29 23:03:23 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-02-29 23:03:22 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-02-29 23:03:22 ----A---- C:\Windows\system32\aswBoot.exe
2012-02-29 23:03:11 ----A---- C:\Windows\avastSS.scr
2012-02-29 23:03:10 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-02-29 23:03:02 ----D---- C:\ProgramData\AVAST Software
2012-02-29 23:03:02 ----D---- C:\Program Files\AVAST Software
2012-02-29 23:01:57 ----SHD---- C:\Config.Msi
2012-02-29 22:43:54 ----A---- C:\Windows\SYSWOW64\drivers\GRD.sys
2012-02-29 22:41:15 ----A---- C:\Windows\system32\drivers\MiniIcpt.sys
2012-02-29 22:40:47 ----A---- C:\Windows\system32\GEARASpi64.dll
2012-02-29 22:40:47 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-02-29 22:40:44 ----A---- C:\Windows\system32\drivers\GDBehave.sys
2012-02-29 22:40:43 ----D---- C:\ProgramData\G DATA
2012-02-29 22:40:43 ----A---- C:\Windows\system32\drivers\gdwfpcd64.sys
2012-02-29 22:38:46 ----D---- C:\Windows\pss
2012-02-29 14:22:46 ----D---- C:\Users\Mirek\AppData\Roaming\ESET
2012-02-27 21:50:33 ----D---- C:\Program Files\Recuva
2012-02-25 15:18:04 ----D---- C:\Users\Mirek\AppData\Roaming\Hamachi
2012-02-25 15:17:51 ----A---- C:\Windows\system32\drivers\hamachi.sys
2012-02-25 15:17:50 ----D---- C:\Program Files (x86)\Hamachi
2012-02-24 00:27:47 ----D---- C:\Users\Mirek\AppData\Roaming\foobar2000
2012-02-23 16:14:20 ----A---- C:\Windows\SYSWOW64\SkinBoxer43.dll
2012-02-23 16:14:20 ----A---- C:\Windows\SYSWOW64\NCTAudioInformation2.dll
2012-02-23 16:14:20 ----A---- C:\Windows\SYSWOW64\NCTAudioFile2.dll
2012-02-23 16:14:20 ----A---- C:\Windows\SYSWOW64\ebCrypt.dll
2012-02-22 23:49:17 ----D---- C:\Users\Mirek\AppData\Roaming\Stealth Software
2012-02-22 22:54:28 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-02-22 22:07:19 ----D---- C:\ProgramData\eMule
2012-02-22 21:35:58 ----D---- C:\Users\Mirek\AppData\Roaming\Malwarebytes
2012-02-22 21:35:55 ----D---- C:\ProgramData\Malwarebytes
2012-02-22 21:35:55 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-22 21:35:55 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-02-22 17:22:13 ----D---- C:\Program Files\CCleaner
2012-02-17 14:34:44 ----D---- C:\Users\Mirek\AppData\Roaming\Media Finder
2012-02-17 14:33:57 ----A---- C:\user.js
2012-02-17 14:33:24 ----D---- C:\Users\Mirek\AppData\Roaming\Babylon
2012-02-17 14:33:24 ----D---- C:\ProgramData\Babylon
2012-02-16 18:03:36 ----D---- C:\Users\Mirek\AppData\Roaming\Shareaza
2012-02-16 15:41:36 ----D---- C:\Program Files (x86)\EA Games
2012-02-16 15:26:19 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-02-16 15:25:58 ----RHD---- C:\Users\Mirek\AppData\Roaming\SecuROM
2012-02-16 15:25:58 ----D---- C:\Windows\SYSWOW64\URTTEMP
2012-02-16 15:24:58 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-02-16 15:24:57 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2012-02-16 15:24:57 ----A---- C:\Windows\SYSWOW64\pbsvc.exe
2012-02-13 19:59:43 ----D---- C:\Program Files (x86)\Need for Speed The Run
2012-02-13 19:57:03 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-02-13 19:56:58 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-02-12 13:49:04 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2012-02-12 13:43:06 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-02-12 13:22:44 ----D---- C:\Program Files (x86)\Rockstar Games
2012-02-11 15:57:32 ----D---- C:\Program Files (x86)\Futuremark
2012-02-11 15:07:48 ----D---- C:\aaa
2012-02-11 15:02:28 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-02-11 14:21:18 ----D---- C:\Program Files (x86)\Setup Files
2012-02-10 19:58:45 ----D---- C:\Program Files (x86)\BitLord
2012-02-10 18:39:09 ----D---- C:\Program Files (x86)\Mafia II
2012-02-10 18:35:01 ----D---- C:\Users\Mirek\AppData\Roaming\TeamViewer
2012-02-10 18:03:16 ----D---- C:\ProgramData\Solidshield
2012-02-10 14:12:55 ----D---- C:\Program Files (x86)\METRO 2033
2012-02-10 00:33:28 ----D---- C:\Program Files (x86)\2K Games
2012-02-09 16:45:37 ----D---- C:\Program Files\WinRAR
2012-02-09 15:57:44 ----D---- C:\Program Files (x86)\RAR Password Unlocker
2012-02-09 15:35:45 ----D---- C:\Program Files (x86)\ElcomSoft
2012-02-08 20:36:19 ----D---- C:\Program Files (x86)\Battlefield 3
2012-02-08 20:12:14 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-02-08 20:12:14 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-02-08 20:12:14 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-02-08 20:12:14 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-02-08 20:12:13 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-02-08 20:12:13 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-02-08 20:12:13 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-02-08 20:12:13 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-02-08 20:12:13 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-02-08 20:12:13 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-02-08 20:12:13 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-02-08 20:12:13 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-02-08 20:12:12 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-02-08 20:12:12 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-02-08 20:12:12 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-02-08 20:12:12 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-02-08 00:23:45 ----D---- C:\Windows\SYSWOW64\xlive
2012-02-08 00:22:24 ----D---- C:\Program Files (x86)\Empire Interactive
2012-02-07 16:15:10 ----D---- C:\Windows\Sun
2012-02-07 11:44:29 ----D---- C:\Windows\system32\appmgmt
2012-02-07 11:01:12 ----A---- C:\Windows\NeroDigital.ini
2012-02-07 10:43:59 ----D---- C:\Users\Mirek\AppData\Roaming\Nero
2012-02-07 10:37:58 ----D---- C:\Program Files (x86)\NeroInstall.bak
2012-02-07 10:37:13 ----A---- C:\Windows\Irremote.ini
2012-02-07 10:36:12 ----D---- C:\ProgramData\Nero
2012-02-07 10:36:12 ----D---- C:\Program Files (x86)\Nero
2012-02-07 10:30:08 ----D---- C:\Program Files (x86)\AskTBar
2012-02-06 18:43:43 ----D---- C:\ProgramData\Blizzard Entertainment
2012-02-06 18:36:12 ----D---- C:\Program Files (x86)\StarCraft II
2012-02-05 21:19:13 ----D---- C:\Users\Mirek\AppData\Roaming\Day 1 Studios
2012-02-05 21:15:47 ----D---- C:\Program Files (x86)\F.E.A.R. 3
2012-02-05 21:08:53 ----D---- C:\ProgramData\EA Core
2012-02-05 00:51:59 ----D---- C:\Program Files (x86)\Ubisoft
2012-02-04 15:00:43 ----D---- C:\Users\Mirek\AppData\Roaming\Canneverbe Limited
2012-02-04 15:00:43 ----D---- C:\ProgramData\Canneverbe Limited
2012-02-04 14:48:13 ----N---- C:\Windows\Algouinstall.exe
2012-02-04 14:48:12 ----D---- C:\Program Files (x86)\Algorithmix
2012-01-29 13:22:37 ----D---- C:\ProgramData\ATI
2012-01-29 13:22:34 ----D---- C:\Program Files (x86)\AMD APP
2012-01-29 13:18:10 ----D---- C:\AMD
2012-01-29 04:26:07 ----D---- C:\Program Files\Common Files\EasyInfo
2012-01-28 15:32:24 ----D---- C:\Users\Mirek\AppData\Roaming\Microsoft Game Studios
2012-01-28 14:47:03 ----D---- C:\ProgramData\Electronic Arts
2012-01-28 14:43:22 ----D---- C:\Program Files (x86)\Electronic Arts
2012-01-28 14:43:21 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-01-28 14:43:21 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-01-28 14:43:21 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-01-28 14:43:21 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-01-28 14:43:21 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-01-28 14:43:21 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-01-28 14:43:20 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2012-01-28 14:43:20 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-01-28 14:43:20 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-01-28 14:43:20 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-01-28 14:43:20 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-01-28 14:43:20 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-01-28 14:43:19 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-01-28 14:43:19 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-01-28 14:43:19 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-01-28 14:43:19 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-01-28 14:43:18 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-01-28 14:43:18 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-01-28 14:43:18 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2012-01-28 14:43:18 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2012-01-28 14:43:18 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2012-01-28 14:43:18 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-01-28 14:43:18 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-01-28 14:43:18 ----A---- C:\Windows\system32\d3dx10_42.dll
2012-01-28 14:43:18 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-01-28 14:43:18 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-01-28 14:43:17 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-01-28 14:43:17 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-01-28 14:43:16 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-01-28 14:43:16 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2012-01-28 14:43:16 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-01-28 14:43:16 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-01-28 14:43:16 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-01-28 14:43:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-01-28 14:43:16 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-01-28 14:43:16 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-01-28 14:43:16 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-01-28 14:43:16 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-01-28 14:43:16 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-01-28 14:43:16 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-01-28 14:43:15 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-01-28 14:43:15 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-01-28 14:43:14 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-01-28 14:43:14 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-01-28 14:43:14 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-01-28 14:43:14 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-01-28 14:43:14 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-01-28 14:43:14 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-01-28 14:43:14 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-01-28 14:43:14 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-01-28 14:43:14 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-01-28 14:43:14 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-01-28 14:43:14 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-01-28 14:43:14 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-01-28 14:43:13 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-01-28 14:43:13 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2012-01-28 14:43:13 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2012-01-28 14:43:13 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-01-28 14:43:13 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-01-28 14:43:13 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-01-28 14:43:12 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-01-28 14:43:12 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-01-28 14:43:12 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-01-28 14:43:12 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2012-01-28 14:43:12 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-01-28 14:43:12 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-01-28 14:43:12 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-01-28 14:43:12 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-01-28 14:43:11 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-01-28 14:43:11 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-01-28 14:43:11 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-01-28 14:43:11 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-01-28 14:43:11 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-01-28 14:43:11 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-01-28 14:43:10 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-01-28 14:43:10 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-01-28 14:43:10 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-01-28 14:43:10 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-01-28 14:43:09 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-01-28 14:43:09 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-01-28 14:43:09 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-01-28 14:43:09 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-01-28 14:43:09 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-01-28 14:43:09 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-01-28 14:43:09 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-01-28 14:43:09 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-01-28 14:43:08 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-01-28 14:43:08 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-01-28 14:43:08 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-01-28 14:43:08 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-01-28 14:43:07 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-01-28 14:43:07 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-01-28 14:43:07 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-01-28 14:43:07 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-01-28 14:43:06 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-01-28 14:43:06 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-01-28 14:43:06 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-01-28 14:43:06 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-01-28 14:43:05 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-01-28 14:43:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-01-28 14:43:05 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-01-28 14:43:05 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-01-28 14:43:04 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-01-28 14:43:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-01-28 14:43:04 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-01-28 14:43:04 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-01-28 14:43:04 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-01-28 14:43:04 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-01-28 14:43:03 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-01-28 14:43:03 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-01-28 14:43:03 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-01-28 14:43:03 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-01-28 14:43:02 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-01-28 14:43:02 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-01-28 14:43:02 ----A---- C:\Windows\system32\xinput1_3.dll
2012-01-28 14:43:02 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-01-28 14:43:01 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2012-01-28 14:43:01 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-01-28 14:43:01 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-01-28 14:43:01 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-01-28 14:43:01 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-01-28 14:43:01 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-01-28 14:43:00 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-01-28 14:43:00 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-01-28 14:42:59 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2012-01-28 14:42:59 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-01-28 14:42:58 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2012-01-28 14:42:58 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2012-01-28 14:42:58 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-01-28 14:42:58 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-01-28 14:42:58 ----A---- C:\Windows\system32\d3dx9_32.dll
2012-01-28 14:42:58 ----A---- C:\Windows\system32\d3dx10.dll
2012-01-28 14:42:57 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2012-01-28 14:42:57 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2012-01-28 14:42:57 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-01-28 14:42:57 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-01-28 14:42:56 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-01-28 14:42:56 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-01-28 14:42:55 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2012-01-28 14:42:55 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2012-01-28 14:42:55 ----A---- C:\Windows\system32\xinput1_2.dll
2012-01-28 14:42:55 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-01-28 14:42:54 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2012-01-28 14:42:54 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2012-01-28 14:42:54 ----A---- C:\Windows\system32\xinput1_1.dll
2012-01-28 14:42:54 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-01-28 14:42:53 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2012-01-28 14:42:53 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-01-28 14:42:47 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-01-28 14:42:47 ----A---- C:\Windows\system32\d3dx9_30.dll
2012-01-28 14:42:46 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2012-01-28 14:42:46 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2012-01-28 14:42:46 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-01-28 14:42:46 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-01-28 14:42:45 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-01-28 14:42:45 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-01-28 14:42:44 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-01-28 14:42:44 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-01-28 14:42:43 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-01-28 14:42:43 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-01-28 14:42:43 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-01-28 14:42:43 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-01-28 14:42:42 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2012-01-28 14:42:42 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-01-28 14:42:41 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-01-28 14:42:41 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-01-28 14:40:38 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-01-28 14:33:46 ----D---- C:\Users\Mirek\AppData\Roaming\DAEMON Tools Lite
2012-01-28 14:33:43 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-01-28 01:34:48 ----D---- C:\Users\Mirek\AppData\Roaming\Mipony
2012-01-28 01:34:41 ----D---- C:\Program Files (x86)\MiPony
2012-01-27 23:50:34 ----D---- C:\Users\Mirek\AppData\Roaming\WinRAR
2012-01-27 23:50:26 ----D---- C:\Program Files (x86)\WinRAR
2012-01-27 23:46:56 ----D---- C:\Users\Mirek\AppData\Roaming\PhotoFiltre Studio X
2012-01-27 23:46:49 ----D---- C:\Program Files (x86)\PhotoFiltre Studio X
2012-01-26 18:45:19 ----D---- C:\QIP Infium JadrisPack
2012-01-25 21:36:21 ----D---- C:\Downloads
2012-01-25 21:33:50 ----D---- C:\Program Files (x86)\Free Download Manager
2012-01-25 21:11:59 ----D---- C:\Program Files (x86)\foobar2000
2012-01-25 18:42:04 ----D---- C:\Users\Mirek\AppData\Roaming\Mozilla
2012-01-25 18:39:42 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-01-24 19:20:25 ----D---- C:\Users\Mirek\AppData\Roaming\Opera
2012-01-24 19:20:21 ----D---- C:\Program Files (x86)\Opera
2012-01-24 18:25:01 ----D---- C:\Program Files (x86)\Vypínač na dobrou noc
2012-01-24 18:18:35 ----D---- C:\Users\Mirek\AppData\Roaming\vlc
2012-01-24 18:18:23 ----D---- C:\Program Files (x86)\VideoLAN
2012-01-23 21:57:02 ----D---- C:\Program Files (x86)\Desktop Lighter
2012-01-23 21:38:13 ----D---- C:\Program Files (x86)\DreamCom
2012-01-23 21:34:45 ----D---- C:\Users\Mirek\AppData\Roaming\QIP
2012-01-23 20:30:54 ----D---- C:\001_____________MEDIA
2012-01-23 20:06:05 ----D---- C:\Program Files (x86)\MSI
2012-01-23 19:35:49 ----D---- C:\Users\Mirek\AppData\Roaming\Skype
2012-01-23 19:35:45 ----RD---- C:\Program Files (x86)\Skype
2012-01-23 19:35:44 ----D---- C:\ProgramData\Skype
2012-01-22 10:13:18 ----D---- C:\Program Files (x86)\Adobe
2012-01-22 10:12:49 ----D---- C:\ProgramData\Adobe
2012-01-22 10:01:06 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-01-22 10:01:06 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-01-22 10:01:06 ----A---- C:\Windows\SYSWOW64\java.exe
2012-01-22 10:01:06 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-01-22 10:00:50 ----D---- C:\Program Files (x86)\Java
2012-01-22 09:58:16 ----D---- C:\ProgramData\Sun
2012-01-22 09:53:49 ----D---- C:\Windows\SYSWOW64\Macromed
2012-01-22 09:53:47 ----D---- C:\Windows\system32\Macromed
2012-01-22 09:52:01 ----D---- C:\Users\Mirek\AppData\Roaming\FastStone
2012-01-22 09:51:51 ----D---- C:\Program Files (x86)\FastStone Image Viewer
2012-01-21 13:52:42 ----D---- C:\Program Files (x86)\OCCT
2012-01-21 12:34:13 ----D---- C:\Program Files (x86)\The KMPlayer
2012-01-21 12:23:40 ----D---- C:\Users\Mirek\AppData\Roaming\Macromedia
2012-01-21 12:23:40 ----D---- C:\Users\Mirek\AppData\Roaming\Adobe
2012-01-21 10:34:42 ----A---- C:\Windows\system32\shell32.dll
2012-01-21 10:34:41 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-01-21 10:34:39 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2012-01-21 10:34:39 ----A---- C:\Windows\system32\xmllite.dll
2012-01-21 10:34:38 ----A---- C:\Windows\system32\tquery.dll
2012-01-21 10:34:38 ----A---- C:\Windows\system32\SearchIndexer.exe
2012-01-21 10:34:38 ----A---- C:\Windows\system32\mssrch.dll
2012-01-21 10:34:37 ----A---- C:\Windows\SYSWOW64\tquery.dll
2012-01-21 10:34:37 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2012-01-21 10:34:37 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2012-01-21 10:34:37 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2012-01-21 10:34:37 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2012-01-21 10:34:37 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2012-01-21 10:34:37 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2012-01-21 10:34:37 ----A---- C:\Windows\SYSWOW64\mssph.dll
2012-01-21 10:34:37 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2012-01-21 10:34:37 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2012-01-21 10:34:37 ----A---- C:\Windows\system32\SearchFilterHost.exe
2012-01-21 10:34:37 ----A---- C:\Windows\system32\mssvp.dll
2012-01-21 10:34:37 ----A---- C:\Windows\system32\mssphtb.dll
2012-01-21 10:34:37 ----A---- C:\Windows\system32\mssph.dll
2012-01-21 10:34:37 ----A---- C:\Windows\system32\msscntrs.dll
2012-01-21 10:34:36 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-01-21 10:34:36 ----A---- C:\Windows\system32\FntCache.dll
2012-01-21 10:34:36 ----A---- C:\Windows\system32\d2d1.dll
2012-01-21 10:34:35 ----A---- C:\Windows\SYSWOW64\explorer.exe
2012-01-21 10:34:35 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2012-01-21 10:34:35 ----A---- C:\Windows\system32\DWrite.dll
2012-01-21 10:34:35 ----A---- C:\Windows\explorer.exe
2012-01-21 10:34:34 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2012-01-21 10:34:34 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2012-01-21 10:34:31 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2012-01-21 10:34:31 ----A---- C:\Windows\system32\XpsPrint.dll
2012-01-21 10:34:27 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2012-01-21 10:34:27 ----A---- C:\Windows\SYSWOW64\esent.dll
2012-01-21 10:34:27 ----A---- C:\Windows\system32\fsutil.exe
2012-01-21 10:34:27 ----A---- C:\Windows\system32\esent.dll
2012-01-21 10:34:27 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2012-01-21 10:34:27 ----A---- C:\Windows\system32\drivers\storport.sys
2012-01-21 10:34:27 ----A---- C:\Windows\system32\drivers\nvstor.sys
2012-01-21 10:34:27 ----A---- C:\Windows\system32\drivers\nvraid.sys
2012-01-21 10:34:27 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-01-21 10:34:27 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2012-01-21 10:34:27 ----A---- C:\Windows\system32\drivers\amdxata.sys
2012-01-21 10:34:27 ----A---- C:\Windows\system32\drivers\amdsata.sys
2012-01-21 10:34:25 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2012-01-21 10:34:25 ----A---- C:\Windows\system32\d3d10_1.dll
2012-01-21 10:34:24 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2012-01-21 10:33:18 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2012-01-21 10:33:18 ----A---- C:\Windows\system32\prevhost.exe
2012-01-21 10:33:18 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2012-01-21 10:33:18 ----A---- C:\Windows\system32\drivers\usbport.sys
2012-01-21 10:33:18 ----A---- C:\Windows\system32\drivers\usbohci.sys
2012-01-21 10:33:18 ----A---- C:\Windows\system32\drivers\usbhub.sys
2012-01-21 10:33:18 ----A---- C:\Windows\system32\drivers\usbehci.sys
2012-01-21 10:33:18 ----A---- C:\Windows\system32\drivers\usbd.sys
2012-01-21 10:33:18 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2012-01-21 10:26:23 ----D---- C:\Program Files (x86)\MSECache
2012-01-21 10:22:10 ----A---- C:\Windows\ODBC.INI
2012-01-21 10:21:09 ----D---- C:\Program Files (x86)\Microsoft Office
2012-01-15 23:13:17 ----D---- C:\Program Files (x86)\Geeks3D
2012-01-15 20:08:28 ----D---- C:\Program Files\Realtek
2012-01-15 20:08:26 ----D---- C:\Program Files (x86)\Realtek
2012-01-15 20:08:26 ----A---- C:\Windows\system32\RtkHDM64.dll
2012-01-15 20:08:26 ----A---- C:\Windows\system32\RHDMEx64.dll
2012-01-15 20:08:26 ----A---- C:\Windows\system32\RHCoInst64.dll
2012-01-15 20:08:26 ----A---- C:\Windows\system32\RH3DHT64.dll
2012-01-15 20:08:26 ----A---- C:\Windows\system32\RH3DAA64.dll
2012-01-15 20:08:26 ----A---- C:\Windows\system32\drivers\RtHDMIVX.sys
2012-01-15 20:08:22 ----HD---- C:\Program Files (x86)\Temp
2012-01-15 20:08:22 ----A---- C:\Windows\RtlExUpd.dll
2012-01-15 20:07:45 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-01-15 20:07:35 ----D---- C:\Program Files (x86)\Renesas Electronics
2012-01-15 20:06:57 ----D---- C:\ProgramData\Downloaded Installations
2012-01-15 20:06:34 ----D---- C:\Temp
2012-01-15 19:50:08 ----D---- C:\Users\Mirek\AppData\Roaming\ATI
2012-01-15 19:49:54 ----D---- C:\ProgramData\AMD
2012-01-15 19:49:53 ----A---- C:\Windows\system32\drivers\amdiox64.sys
2012-01-15 19:49:47 ----D---- C:\Program Files (x86)\ATI Technologies
2012-01-15 19:48:48 ----D---- C:\Program Files\Common Files\ATI Technologies
2012-01-15 19:40:16 ----D---- C:\totalcmd
2012-01-15 19:34:40 ----A---- C:\Windows\system32\drivers\usbfilter.sys
2012-01-15 19:34:39 ----DC---- C:\Windows\system32\DRVSTORE
2012-01-15 19:34:27 ----D---- C:\Program Files\ATI
2012-01-15 19:34:06 ----D---- C:\Program Files\ATI Technologies
2012-01-15 19:33:25 ----D---- C:\ATI
2012-01-15 19:28:02 ----HD---- C:\ProgramData\Common Files
2012-01-15 19:26:59 ----D---- C:\Program Files (x86)\AVG
2012-01-15 19:23:49 ----SHD---- C:\Windows\Installer
2012-01-15 19:23:43 ----D---- C:\ProgramData\MFAData
2012-01-15 19:19:40 ----D---- C:\Work
2012-01-14 18:41:20 ----D---- C:\Windows\Panther
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\wextract.exe
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\occache.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\msrating.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\msls31.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\mshta.exe
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\inseng.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\icardie.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2012-01-14 11:00:10 ----A---- C:\Windows\SYSWOW64\admparse.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\wextract.exe
2012-01-14 11:00:10 ----A---- C:\Windows\system32\webcheck.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\vbscript.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2012-01-14 11:00:10 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2012-01-14 11:00:10 ----A---- C:\Windows\system32\pngfilt.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\occache.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\msrating.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\msls31.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\mshtmler.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\mshta.exe
2012-01-14 11:00:10 ----A---- C:\Windows\system32\msfeedssync.exe
2012-01-14 11:00:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\msfeeds.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\licmgr10.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\inseng.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\imgutil.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\iexpress.exe
2012-01-14 11:00:10 ----A---- C:\Windows\system32\ieUnatt.exe
2012-01-14 11:00:10 ----A---- C:\Windows\system32\iesysprep.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\iesetup.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\iernonce.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\iepeers.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\iedkcs32.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\ieapfltr.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\ieapfltr.dat
2012-01-14 11:00:10 ----A---- C:\Windows\system32\ieakui.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\ieaksie.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\ieakeng.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\IEAdvpack.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\ie4uinit.exe
2012-01-14 11:00:10 ----A---- C:\Windows\system32\icardie.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\dxtrans.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\dxtmsft.dll
2012-01-14 11:00:10 ----A---- C:\Windows\system32\admparse.dll
2012-01-14 10:58:30 ----A---- C:\Windows\system32\schannel.dll
2012-01-14 10:58:29 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-01-14 10:58:29 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-01-14 10:58:29 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-01-14 10:58:29 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-01-14 10:58:29 ----A---- C:\Windows\system32\webio.dll
2012-01-14 10:58:29 ----A---- C:\Windows\system32\sspisrv.dll
2012-01-14 10:58:29 ----A---- C:\Windows\system32\sspicli.dll
2012-01-14 10:58:29 ----A---- C:\Windows\system32\secur32.dll
2012-01-14 10:58:29 ----A---- C:\Windows\system32\lsass.exe
2012-01-14 10:58:29 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-14 10:58:29 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-01-14 10:58:29 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-14 10:58:29 ----A---- C:\Windows\system32\drivers\cng.sys
2012-01-14 10:50:31 ----A---- C:\Windows\system32\perfi005.dat
2012-01-14 10:50:31 ----A---- C:\Windows\system32\perfh005.dat
2012-01-14 10:50:31 ----A---- C:\Windows\system32\perfd005.dat
2012-01-14 10:50:31 ----A---- C:\Windows\system32\perfc005.dat
2012-01-14 10:47:00 ----D---- C:\Windows\SYSWOW64\cs
2012-01-14 10:45:54 ----D---- C:\Windows\SYSWOW64\XPSViewer
2012-01-14 10:45:54 ----D---- C:\Windows\SYSWOW64\drivers\cs-CZ
2012-01-14 10:45:49 ----D---- C:\Windows\cs-CZ
2012-01-14 10:45:33 ----D---- C:\Windows\system32\cs
2012-01-14 10:44:13 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-01-14 10:13:57 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-01-14 10:13:57 ----A---- C:\Windows\system32\tzres.dll
2012-01-14 10:13:54 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-01-14 10:13:54 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-01-14 10:13:54 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-01-14 10:13:54 ----A---- C:\Windows\system32\wow64win.dll
2012-01-14 10:13:54 ----A---- C:\Windows\system32\wow64.dll
2012-01-14 10:13:54 ----A---- C:\Windows\system32\winsrv.dll
2012-01-14 10:13:54 ----A---- C:\Windows\system32\KernelBase.dll
2012-01-14 10:13:54 ----A---- C:\Windows\system32\kernel32.dll
2012-01-14 10:13:54 ----A---- C:\Windows\system32\conhost.exe
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-01-14 10:13:53 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-01-14 10:13:53 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-01-14 10:13:53 ----A---- C:\Windows\SYSWOW64\user.exe
2012-01-14 10:13:53 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-01-14 10:13:53 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-01-14 10:13:53 ----A---- C:\Windows\system32\wow64cpu.dll
2012-01-14 10:13:53 ----A---- C:\Windows\system32\ntvdm64.dll
2012-01-14 10:13:52 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2012-01-14 10:13:52 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2012-01-14 10:13:52 ----A---- C:\Windows\SYSWOW64\devobj.dll
2012-01-14 10:13:52 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2012-01-14 10:13:52 ----A---- C:\Windows\system32\umpnpmgr.dll
2012-01-14 10:13:45 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2012-01-14 10:13:45 ----A---- C:\Windows\system32\poqexec.exe
2012-01-14 10:13:44 ----A---- C:\Windows\system32\CPFilters.dll
2012-01-14 10:13:43 ----A---- C:\Windows\SYSWOW64\sbe.dll
2012-01-14 10:13:43 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2012-01-14 10:13:43 ----A---- C:\Windows\system32\sbe.dll
2012-01-14 10:13:43 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-01-14 10:13:41 ----A---- C:\Windows\system32\winload.exe
2012-01-14 10:13:40 ----A---- C:\Windows\SYSWOW64\quartz.dll
2012-01-14 10:13:40 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-01-14 10:13:40 ----A---- C:\Windows\system32\winresume.exe
2012-01-14 10:13:40 ----A---- C:\Windows\system32\quartz.dll
2012-01-14 10:13:40 ----A---- C:\Windows\system32\qdvd.dll
2012-01-14 10:13:40 ----A---- C:\Windows\system32\kdusb.dll
2012-01-14 10:13:40 ----A---- C:\Windows\system32\kdcom.dll
2012-01-14 10:13:40 ----A---- C:\Windows\system32\kd1394.dll
2012-01-14 10:13:39 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2012-01-14 10:13:39 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2012-01-14 10:13:39 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2012-01-14 10:13:39 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2012-01-14 10:13:39 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2012-01-14 10:13:39 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2012-01-14 10:13:39 ----A---- C:\Windows\system32\odbctrac.dll
2012-01-14 10:13:39 ----A---- C:\Windows\system32\odbccu32.dll
2012-01-14 10:13:39 ----A---- C:\Windows\system32\odbccr32.dll
2012-01-14 10:13:39 ----A---- C:\Windows\system32\odbccp32.dll
2012-01-14 10:13:39 ----A---- C:\Windows\system32\kerberos.dll
2012-01-14 10:13:38 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2012-01-14 10:13:38 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2012-01-14 10:13:38 ----A---- C:\Windows\system32\mfc42u.dll
2012-01-14 10:13:38 ----A---- C:\Windows\system32\mfc42.dll
2012-01-14 10:13:37 ----A---- C:\Windows\system32\drivers\srv2.sys
2012-01-14 10:13:37 ----A---- C:\Windows\system32\drivers\srv.sys
2012-01-14 10:13:36 ----A---- C:\Windows\system32\drivers\srvnet.sys
2012-01-14 10:13:36 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2012-01-14 10:13:36 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2012-01-14 10:13:36 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2012-01-14 10:13:36 ----A---- C:\Windows\system32\csrsrv.dll
2012-01-14 10:13:35 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2012-01-14 10:13:35 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2012-01-14 10:13:35 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2012-01-14 10:13:35 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-01-14 10:13:35 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-01-14 10:13:35 ----A---- C:\Windows\system32\fontsub.dll
2012-01-14 10:13:35 ----A---- C:\Windows\system32\dnsrslvr.dll
2012-01-14 10:13:35 ----A---- C:\Windows\system32\dnscacheugc.exe
2012-01-14 10:13:35 ----A---- C:\Windows\system32\dnsapi.dll
2012-01-14 10:13:35 ----A---- C:\Windows\system32\atmlib.dll
2012-01-14 10:13:35 ----A---- C:\Windows\system32\atmfd.dll
2012-01-14 10:13:34 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2012-01-14 10:13:34 ----A---- C:\Windows\system32\psisdecd.dll
2012-01-14 10:13:30 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2012-01-14 10:13:30 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2012-01-14 10:13:30 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2012-01-14 10:13:30 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2012-01-14 10:13:30 ----A---- C:\Windows\system32\oleaut32.dll
2012-01-14 10:13:30 ----A---- C:\Windows\system32\oleacc.dll
2012-01-14 10:13:30 ----A---- C:\Windows\system32\inetcomm.dll
2012-01-14 10:13:30 ----A---- C:\Windows\system32\EncDec.dll
2012-01-14 10:13:29 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2012-01-14 10:13:29 ----A---- C:\Windows\system32\ntdll.dll
2012-01-14 10:13:29 ----A---- C:\Windows\system32\FXSCOVER.exe
2012-01-14 10:13:29 ----A---- C:\Windows\system32\drivers\bowser.sys
2012-01-14 10:13:27 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-01-14 10:13:27 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-01-14 10:13:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-01-14 10:10:19 ----A---- C:\Windows\SYSWOW64\packager.dll
2012-01-14 10:10:19 ----A---- C:\Windows\system32\packager.dll
2012-01-14 09:49:12 ----D---- C:\Users\Mirek\AppData\Roaming\Identities
2012-01-14 09:48:59 ----SD---- C:\Users\Mirek\AppData\Roaming\Microsoft
2012-01-14 09:48:59 ----D---- C:\Users\Mirek\AppData\Roaming\Media Center Programs
2012-01-14 09:47:51 ----D---- C:\Windows\SYSWOW64\Wat
2012-01-14 09:47:51 ----D---- C:\Windows\system32\Wat
2012-01-14 09:47:02 ----D---- C:\Windows\SoftwareDistribution
2012-01-14 09:46:52 ----SHD---- C:\Recovery
2012-01-14 09:42:31 ----D---- C:\Windows\Prefetch
2012-01-14 09:42:02 ----ASH---- C:\pagefile.sys
2012-01-14 09:42:01 ----SHD---- C:\System Volume Information
2012-01-14 09:42:01 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 2 months======

2012-03-01 18:04:03 ----RD---- C:\Program Files
2012-03-01 17:21:18 ----D---- C:\Windows\Temp
2012-03-01 14:41:09 ----D---- C:\Windows\system32\config
2012-03-01 14:04:18 ----D---- C:\Windows\Microsoft.NET
2012-03-01 14:04:17 ----RSD---- C:\Windows\assembly
2012-03-01 13:47:33 ----D---- C:\Windows\System32
2012-03-01 13:47:33 ----D---- C:\Windows\inf
2012-03-01 13:47:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-01 01:54:09 ----D---- C:\Windows\winsxs
2012-03-01 01:52:49 ----D---- C:\Windows\system32\drivers
2012-03-01 01:52:48 ----D---- C:\Windows\SysWOW64
2012-03-01 01:52:48 ----D---- C:\Program Files (x86)\Internet Explorer
2012-03-01 01:52:47 ----D---- C:\Windows\SYSWOW64\migration
2012-03-01 01:52:47 ----D---- C:\Windows\system32\migration
2012-03-01 01:52:47 ----D---- C:\Program Files\Internet Explorer
2012-03-01 01:40:58 ----D---- C:\Windows\debug
2012-03-01 01:40:34 ----D---- C:\Windows\system32\catroot
2012-03-01 01:33:03 ----D---- C:\Windows\system32\catroot2
2012-02-29 23:03:11 ----D---- C:\Windows
2012-02-29 23:03:02 ----HD---- C:\ProgramData
2012-02-29 23:02:26 ----RD---- C:\Program Files (x86)
2012-02-29 22:43:54 ----D---- C:\Windows\SYSWOW64\drivers
2012-02-29 22:40:29 ----D---- C:\Program Files (x86)\Common Files
2012-02-29 22:32:45 ----SH---- C:\Program Files (x86)\desktop.ini
2012-02-29 22:30:05 ----D---- C:\Windows\system32\DriverStore
2012-02-29 14:46:50 ----D---- C:\Windows\system32\NDF
2012-02-29 12:23:44 ----SD---- C:\ProgramData\Microsoft
2012-02-22 22:54:29 ----D---- C:\Windows\SYSWOW64\en-US
2012-02-22 22:54:29 ----D---- C:\Windows\system32\en-US
2012-02-22 17:33:28 ----D---- C:\Windows\Logs
2012-02-16 15:26:40 ----D---- C:\Windows\Registration
2012-02-16 15:24:57 ----D---- C:\Windows\system32\LogFiles
2012-02-16 14:43:13 ----D---- C:\Windows\system32\Tasks
2012-02-12 19:23:55 ----D---- C:\Windows\system32\wdi
2012-02-07 10:36:10 ----D---- C:\Windows\Cursors
2012-01-29 13:21:54 ----SHD---- C:\$Recycle.Bin
2012-01-29 04:26:07 ----D---- C:\Program Files\Common Files
2012-01-22 09:53:52 ----D---- C:\Windows\Downloaded Program Files
2012-01-22 09:32:59 ----D---- C:\Windows\Tasks
2012-01-21 11:52:08 ----D---- C:\Windows\rescache
2012-01-21 10:36:56 ----RSD---- C:\Windows\Fonts
2012-01-21 10:36:55 ----D---- C:\Windows\AppPatch
2012-01-21 10:36:51 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-01-21 10:36:51 ----D---- C:\Windows\system32\cs-CZ
2012-01-21 10:23:50 ----D---- C:\Windows\system32\drivers\UMDF
2012-01-21 10:21:47 ----D---- C:\Windows\ShellNew
2012-01-21 10:15:42 ----D---- C:\Windows\system
2012-01-15 19:34:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-01-14 18:40:54 ----D---- C:\Windows\Setup
2012-01-14 11:02:40 ----D---- C:\Windows\PolicyDefinitions
2012-01-14 10:48:18 ----D---- C:\Program Files\Common Files\System
2012-01-14 10:48:16 ----D---- C:\Windows\ehome
2012-01-14 10:47:31 ----D---- C:\Program Files (x86)\Windows Sidebar
2012-01-14 10:47:31 ----D---- C:\Program Files (x86)\Windows Mail
2012-01-14 10:47:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2012-01-14 10:47:27 ----D---- C:\Program Files (x86)\Windows Media Player
2012-01-14 10:47:24 ----D---- C:\Program Files\Windows Sidebar
2012-01-14 10:47:24 ----D---- C:\Program Files (x86)\Windows Defender
2012-01-14 10:47:20 ----D---- C:\Program Files\Windows Mail
2012-01-14 10:47:20 ----D---- C:\Program Files\DVD Maker
2012-01-14 10:47:18 ----D---- C:\Program Files\Windows Media Player
2012-01-14 10:47:17 ----D---- C:\Program Files\Windows Photo Viewer
2012-01-14 10:47:17 ----D---- C:\Program Files\Windows Journal
2012-01-14 10:47:13 ----D---- C:\Windows\servicing
2012-01-14 10:47:13 ----D---- C:\Program Files\Windows Defender
2012-01-14 10:47:00 ----D---- C:\Windows\SYSWOW64\winrm
2012-01-14 10:47:00 ----D---- C:\Windows\SYSWOW64\slmgr
2012-01-14 10:47:00 ----D---- C:\Windows\SYSWOW64\migwiz
2012-01-14 10:45:53 ----D---- C:\Windows\SYSWOW64\WCN
2012-01-14 10:45:53 ----D---- C:\Windows\SYSWOW64\MUI
2012-01-14 10:45:53 ----D---- C:\Windows\SYSWOW64\DriverStore
2012-01-14 10:45:52 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts
2012-01-14 10:45:52 ----D---- C:\Windows\SYSWOW64\Dism
2012-01-14 10:45:50 ----D---- C:\Windows\SYSWOW64\wbem
2012-01-14 10:45:49 ----D---- C:\Windows\SYSWOW64\com
2012-01-14 10:45:49 ----D---- C:\Windows\IME
2012-01-14 10:45:34 ----D---- C:\Windows\system32\winrm
2012-01-14 10:45:34 ----D---- C:\Windows\system32\sysprep
2012-01-14 10:45:34 ----D---- C:\Windows\system32\slmgr
2012-01-14 10:45:34 ----D---- C:\Windows\system32\oobe
2012-01-14 10:45:34 ----D---- C:\Windows\system32\migwiz
2012-01-14 10:45:34 ----D---- C:\Windows\system32\Boot
2012-01-14 10:44:13 ----D---- C:\Windows\system32\MUI
2012-01-14 10:44:12 ----D---- C:\Windows\system32\WCN
2012-01-14 10:44:12 ----D---- C:\Windows\system32\Dism
2012-01-14 10:43:55 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2012-01-14 10:43:45 ----D---- C:\Windows\system32\wbem
2012-01-14 10:43:44 ----D---- C:\Windows\system32\com
2012-01-14 09:58:43 ----D---- C:\Windows\system32\CodeIntegrity
2012-01-14 09:48:58 ----RD---- C:\Users
2012-01-14 09:48:01 ----A---- C:\Windows\SYSWOW64\slwga.dll
2012-01-14 09:48:01 ----A---- C:\Windows\system32\systemcpl.dll
2012-01-14 09:48:01 ----A---- C:\Windows\system32\slwga.dll
2012-01-14 09:48:00 ----A---- C:\Windows\SYSWOW64\user32.dll
2012-01-14 09:48:00 ----A---- C:\Windows\system32\user32.dll
2012-01-14 09:47:05 ----D---- C:\Windows\system32\restore
2012-01-14 09:42:27 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-10-04 80000]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-10-04 40576]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-02-23 53080]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-02-23 817496]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-02-23 335704]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-02-23 59224]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-13 283200]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-02-23 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-02-23 69976]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
R3 GearAspiWDM;GEARAspiWDM; C:\Windows\System32\drivers\GEARAspiWDM.sys [2008-02-22 19496]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-02-25 33344]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-04-14 208672]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
S1 {17314228-173E-4057-AC9F-E653543A20C7};{17314228-173E-4057-AC9F-E653543A20C7}; \??\C:\Users\Public\{17314228-173E-4057-AC9F-E653543A20C7}.sys [2012-02-29 1746248]
S3 cpuz130;cpuz130; \??\C:\Users\Mirek\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-09 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-21 14136]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-12-06 235520]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-02-23 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-02-16 66872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1255736]

-----------------EOF-----------------

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 02 Mar 2012 02:22
by motji
Good evening :)

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- and save it to the desktop.
- double-click the program icon and run it
- choose the Start scan option, then confirm the start of the scan
- if the program finds an infected file, it will show you the preselected action Cure; in that case confirm with the Continue button
- if the program wants to restart the computer, click the Reboot Now button
- if it does not request a restart, click the Report button. A log should pop up; copy the contents of the log into your topic.
- if the log does not appear, it is saved in your root directory.

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 02 Mar 2012 13:16
by Mira
Hello, I ran it through that program and it didn't find anything :?:


TDSSKiller.2.7.18.0_02.03.2012_13.03.17_log.txt

13:03:17.0554 0604 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
13:03:17.0664 0604 ============================================================
13:03:17.0664 0604 Current date / time: 2012/03/02 13:03:17.0664
13:03:17.0664 0604 SystemInfo:
13:03:17.0664 0604
13:03:17.0665 0604 OS Version: 6.1.7601 ServicePack: 1.0
13:03:17.0665 0604 Product type: Workstation
13:03:17.0665 0604 ComputerName: MIREK-PC
13:03:17.0665 0604 UserName: Mirek
13:03:17.0665 0604 Windows directory: C:\Windows
13:03:17.0665 0604 System windows directory: C:\Windows
13:03:17.0665 0604 Running under WOW64
13:03:17.0665 0604 Processor architecture: Intel x64
13:03:17.0665 0604 Number of processors: 4
13:03:17.0665 0604 Page size: 0x1000
13:03:17.0665 0604 Boot type: Normal boot
13:03:17.0666 0604 ============================================================
13:03:19.0162 0604 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:03:19.0165 0604 \Device\Harddisk0\DR0:
13:03:19.0165 0604 MBR used
13:03:19.0165 0604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:03:19.0165 0604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
13:03:19.0183 0604 Initialize success
13:03:19.0183 0604 ============================================================
13:03:28.0288 2520 ============================================================
13:03:28.0288 2520 Scan started
13:03:28.0288 2520 Mode: Manual;
13:03:28.0288 2520 ============================================================
13:03:28.0974 2520 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:03:28.0980 2520 1394ohci - ok
13:03:29.0017 2520 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:03:29.0023 2520 ACPI - ok
13:03:29.0052 2520 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:03:29.0053 2520 AcpiPmi - ok
13:03:29.0132 2520 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:03:29.0140 2520 adp94xx - ok
13:03:29.0175 2520 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:03:29.0181 2520 adpahci - ok
13:03:29.0214 2520 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:03:29.0218 2520 adpu320 - ok
13:03:29.0315 2520 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:03:29.0324 2520 AFD - ok
13:03:29.0472 2520 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:03:29.0475 2520 agp440 - ok
13:03:29.0559 2520 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:03:29.0561 2520 aliide - ok
13:03:29.0657 2520 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:03:29.0659 2520 amdide - ok
13:03:29.0726 2520 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:03:29.0728 2520 amdiox64 - ok
13:03:29.0740 2520 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:03:29.0741 2520 AmdK8 - ok
13:03:29.0981 2520 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
13:03:30.0162 2520 amdkmdag - ok
13:03:30.0392 2520 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
13:03:30.0414 2520 amdkmdap - ok
13:03:30.0459 2520 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:03:30.0462 2520 AmdPPM - ok
13:03:30.0513 2520 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:03:30.0516 2520 amdsata - ok
13:03:30.0543 2520 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:03:30.0648 2520 amdsbs - ok
13:03:30.0708 2520 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:03:30.0710 2520 amdxata - ok
13:03:30.0764 2520 amd_sata (b69ab579e950511d6d9bd09aaa350001) C:\Windows\system32\DRIVERS\amd_sata.sys
13:03:30.0766 2520 amd_sata - ok
13:03:30.0812 2520 amd_xata (683f545b70c80fa2c6349eb52958ef29) C:\Windows\system32\DRIVERS\amd_xata.sys
13:03:30.0814 2520 amd_xata - ok
13:03:30.0897 2520 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:03:30.0900 2520 AODDriver4.01 - ok
13:03:31.0091 2520 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:03:31.0094 2520 AppID - ok
13:03:31.0174 2520 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:03:31.0177 2520 arc - ok
13:03:31.0227 2520 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:03:31.0230 2520 arcsas - ok
13:03:31.0265 2520 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:03:31.0268 2520 AsyncMac - ok
13:03:31.0293 2520 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:03:31.0294 2520 atapi - ok
13:03:31.0531 2520 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
13:03:31.0535 2520 AVGIDSDriver - ok
13:03:31.0558 2520 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
13:03:31.0560 2520 AVGIDSEH - ok
13:03:31.0572 2520 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
13:03:31.0574 2520 AVGIDSFilter - ok
13:03:31.0630 2520 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
13:03:31.0636 2520 Avgldx64 - ok
13:03:31.0663 2520 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
13:03:31.0664 2520 Avgmfx64 - ok
13:03:31.0692 2520 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
13:03:31.0694 2520 Avgrkx64 - ok
13:03:31.0715 2520 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
13:03:31.0718 2520 Avgtdia - ok
13:03:31.0872 2520 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:03:31.0882 2520 b06bdrv - ok
13:03:31.0909 2520 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:03:31.0916 2520 b57nd60a - ok
13:03:31.0959 2520 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:03:31.0961 2520 Beep - ok
13:03:32.0002 2520 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:03:32.0004 2520 blbdrive - ok
13:03:32.0031 2520 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:03:32.0033 2520 bowser - ok
13:03:32.0038 2520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:03:32.0039 2520 BrFiltLo - ok
13:03:32.0046 2520 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:03:32.0047 2520 BrFiltUp - ok
13:03:32.0116 2520 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:03:32.0124 2520 BridgeMP - ok
13:03:32.0153 2520 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:03:32.0156 2520 Brserid - ok
13:03:32.0171 2520 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:03:32.0172 2520 BrSerWdm - ok
13:03:32.0178 2520 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:03:32.0179 2520 BrUsbMdm - ok
13:03:32.0186 2520 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:03:32.0187 2520 BrUsbSer - ok
13:03:32.0211 2520 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:03:32.0212 2520 BTHMODEM - ok
13:03:32.0241 2520 catchme - ok
13:03:32.0263 2520 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:03:32.0265 2520 cdfs - ok
13:03:32.0306 2520 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:03:32.0310 2520 cdrom - ok
13:03:32.0345 2520 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:03:32.0346 2520 circlass - ok
13:03:32.0375 2520 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:03:32.0378 2520 CLFS - ok
13:03:32.0489 2520 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:03:32.0492 2520 CmBatt - ok
13:03:32.0585 2520 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:03:32.0587 2520 cmdide - ok
13:03:32.0669 2520 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:03:32.0677 2520 CNG - ok
13:03:32.0727 2520 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:03:32.0729 2520 Compbatt - ok
13:03:32.0814 2520 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:03:32.0816 2520 CompositeBus - ok
13:03:32.0986 2520 cpuz130 - ok
13:03:33.0020 2520 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:03:33.0022 2520 crcdisk - ok
13:03:33.0075 2520 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:03:33.0086 2520 CSC - ok
13:03:33.0234 2520 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:03:33.0238 2520 DfsC - ok
13:03:33.0260 2520 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:03:33.0262 2520 discache - ok
13:03:33.0308 2520 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:03:33.0310 2520 Disk - ok
13:03:33.0325 2520 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
13:03:33.0328 2520 dmvsc - ok
13:03:33.0382 2520 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:03:33.0384 2520 drmkaud - ok
13:03:33.0419 2520 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:03:33.0422 2520 dtsoftbus01 - ok
13:03:33.0490 2520 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:03:33.0505 2520 DXGKrnl - ok
13:03:33.0724 2520 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:03:33.0743 2520 ebdrv - ok
13:03:33.0806 2520 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:03:33.0816 2520 elxstor - ok
13:03:33.0830 2520 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:03:33.0832 2520 ErrDev - ok
13:03:33.0891 2520 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:03:33.0894 2520 exfat - ok
13:03:33.0938 2520 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:03:33.0943 2520 fastfat - ok
13:03:33.0976 2520 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:03:33.0979 2520 fdc - ok
13:03:34.0006 2520 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:03:34.0007 2520 FileInfo - ok
13:03:34.0068 2520 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:03:34.0071 2520 Filetrace - ok
13:03:34.0138 2520 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:03:34.0140 2520 flpydisk - ok
13:03:34.0213 2520 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:03:34.0219 2520 FltMgr - ok
13:03:34.0243 2520 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:03:34.0299 2520 FsDepends - ok
13:03:34.0310 2520 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:03:34.0312 2520 Fs_Rec - ok
13:03:34.0338 2520 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:03:34.0340 2520 fvevol - ok
13:03:34.0354 2520 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:03:34.0355 2520 gagp30kx - ok
13:03:34.0415 2520 GearAspiWDM (7508fcfb8d93556213f530dffaedec45) C:\Windows\system32\drivers\GEARAspiWDM.sys
13:03:34.0417 2520 GearAspiWDM - ok
13:03:34.0471 2520 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys
13:03:34.0480 2520 hamachi - ok
13:03:34.0546 2520 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:03:34.0550 2520 hcw85cir - ok
13:03:34.0644 2520 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:03:34.0652 2520 HdAudAddService - ok
13:03:34.0695 2520 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:03:34.0698 2520 HDAudBus - ok
13:03:34.0710 2520 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:03:34.0713 2520 HidBatt - ok
13:03:34.0731 2520 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:03:34.0732 2520 HidBth - ok
13:03:34.0743 2520 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:03:34.0744 2520 HidIr - ok
13:03:34.0787 2520 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:03:34.0789 2520 HidUsb - ok
13:03:34.0810 2520 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:03:34.0811 2520 HpSAMD - ok
13:03:34.0853 2520 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:03:34.0860 2520 HTTP - ok
13:03:34.0891 2520 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:03:34.0892 2520 hwpolicy - ok
13:03:34.0958 2520 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:03:34.0962 2520 i8042prt - ok
13:03:35.0010 2520 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:03:35.0018 2520 iaStorV - ok
13:03:35.0047 2520 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:03:35.0050 2520 iirsp - ok
13:03:35.0079 2520 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:03:35.0080 2520 intelide - ok
13:03:35.0118 2520 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
13:03:35.0120 2520 intelppm - ok
13:03:35.0128 2520 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:03:35.0130 2520 IpFilterDriver - ok
13:03:35.0139 2520 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:03:35.0140 2520 IPMIDRV - ok
13:03:35.0147 2520 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:03:35.0150 2520 IPNAT - ok
13:03:35.0192 2520 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:03:35.0194 2520 IRENUM - ok
13:03:35.0205 2520 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:03:35.0207 2520 isapnp - ok
13:03:35.0227 2520 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:03:35.0230 2520 iScsiPrt - ok
13:03:35.0287 2520 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:03:35.0289 2520 kbdclass - ok
13:03:35.0319 2520 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:03:35.0322 2520 kbdhid - ok
13:03:35.0356 2520 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:03:35.0359 2520 KSecDD - ok
13:03:35.0377 2520 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:03:35.0381 2520 KSecPkg - ok
13:03:35.0394 2520 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:03:35.0396 2520 ksthunk - ok
13:03:35.0456 2520 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:03:35.0457 2520 lltdio - ok
13:03:35.0496 2520 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:03:35.0497 2520 LSI_FC - ok
13:03:35.0506 2520 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:03:35.0507 2520 LSI_SAS - ok
13:03:35.0521 2520 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:03:35.0522 2520 LSI_SAS2 - ok
13:03:35.0538 2520 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:03:35.0539 2520 LSI_SCSI - ok
13:03:35.0552 2520 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:03:35.0554 2520 luafv - ok
13:03:35.0610 2520 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
13:03:35.0612 2520 MBAMProtector - ok
13:03:35.0666 2520 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:03:35.0669 2520 megasas - ok
13:03:35.0752 2520 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:03:35.0757 2520 MegaSR - ok
13:03:35.0803 2520 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:03:35.0807 2520 Modem - ok
13:03:35.0885 2520 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:03:35.0887 2520 monitor - ok
13:03:35.0926 2520 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:03:35.0928 2520 mouclass - ok
13:03:35.0959 2520 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:03:35.0962 2520 mouhid - ok
13:03:35.0976 2520 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:03:35.0979 2520 mountmgr - ok
13:03:42.0821 2520 ============================================================
13:03:42.0821 2520 Scan finished
13:03:42.0821 2520 ============================================================
13:03:42.0833 3848 Detected object count: 0
13:03:42.0833 3848 Actual detected object count: 0

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 02 Mar 2012 13:44
by Mira
By the way, before this I couldn't turn the firewall on at all, it reported some error, and now all of a sudden it is running, so I don't know how that is possible :-)

Thanks for the reply :thumbsup:

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 03 Mar 2012 15:19
by motji
:arrow: Download MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=115222
-Install it and run a full scan

DO NOT DELETE ANYTHING :!:
-MBAM sometimes has false detections, so we will delete only after checking the log.
-Copy the log here.

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 03 Mar 2012 23:20
by Mira
Good evening :o

I used MBAM even before you replied :) I had used it before and went back to it again. It found something and I removed it; unfortunately I no longer know what it was :cry:
Now when I ran a full scan, it found nothing...

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
http://www.malwarebytes.org

Verze databáze: v2012.03.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mirek :: MIREK-PC [administrátor]

Ochrana: Zakázána

3.3.2012 22:49:32
mbam-log-2012-03-03 (22-49-32).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 339819
Uplynulý čas: 28 minut, 5 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 03 Mar 2012 23:37
by motji
Do you know this folder?
C:\aaa

Test this file on www.virustotal.com
c:\windows\system32\user32.dll

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 04 Mar 2012 00:23
by Mira
I do have some folder C:\aaa there, an empty folder :roll: what is it?

Tested:

https://www.virustotal.com/file/01eb95f ... /analysis/

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 04 Mar 2012 00:33
by motji
That's what I'm asking you :D . You didn't create it?

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 04 Mar 2012 00:34
by Mira
Aha :oops: I apologize, I must be delirious from the fever :?: I'm not aware that I ever created the aaa folder :)

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 04 Mar 2012 10:09
by motji
:arrow: If you don't have it there already, move ComboFix to the desktop
-open Notepad
-Copy the text from this box into it

Code:

Folder::
C:\aaa
c:\program files (x86)\AskTBar

Restore::
c:\windows\SysWOW64\user32.dll
c:\windows\system32\user32.dll

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss ... 626dc08fe9
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie

Firefox::
FF - ProfilePath - c:\users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\x1yvrhx2.default\
FF - user.js: extensions.BabylonToolbar_i.id - 920583560000000000006c626dc08fe9
FF - user.js: extensions.BabylonToolbar_i.hardId - 920583560000000000006c626dc08fe9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:33
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

Image


-after it has been applied, another log will pop up; paste it here

Warning: it may happen that after applying the script and restarting, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 04 Mar 2012 14:18
by Mira
Hello, here it is:

ComboFix 12-03-03.02 - Mirek 04.03.2012 14:06:20.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4095.2840 [GMT 1:00]
Spuštěný z: c:\users\Mirek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mirek\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\aaa
.
Nakažená kopie c:\windows\system32\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-04 do 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 13:10 . 2012-03-04 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 07:12 . 2012-03-03 08:37 -------- d-----w- c:\users\Mirek\AppData\Roaming\Youtube Downloader HD
2012-03-03 07:12 . 2012-03-03 07:12 -------- d-----w- c:\program files (x86)\Youtube Downloader HD
2012-03-03 07:00 . 2012-03-03 07:11 -------- d-----w- c:\users\Mirek\AppData\Roaming\vso
2012-03-02 14:33 . 2012-03-02 14:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-02 14:33 . 2012-03-02 14:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-01 20:26 . 2012-03-01 20:26 -------- d-----w- C:\$AVG
2012-03-01 19:53 . 2012-03-01 19:53 -------- d-----w- c:\users\Mirek\AppData\Roaming\AVG2012
2012-03-01 19:19 . 2012-03-01 19:19 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-01 19:18 . 2012-03-03 06:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-01 19:18 . 2012-03-01 19:19 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-01 19:18 . 2012-03-01 19:18 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-01 19:18 . 2012-03-04 12:51 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-01 19:18 . 2012-03-01 20:06 -------- d-----w- c:\programdata\AVG2012
2012-03-01 18:50 . 2012-03-01 18:51 -------- d-----w- c:\users\Mirek\AppData\Roaming\TrueCrypt
2012-03-01 18:50 . 2012-03-01 18:50 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-03-01 18:50 . 2012-03-01 18:54 -------- d-----w- c:\program files\TrueCrypt
2012-03-01 17:04 . 2012-03-01 17:04 -------- d-----w- C:\rsit
2012-03-01 17:04 . 2012-03-01 17:04 -------- d-----w- c:\program files\trend micro
2012-03-01 00:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-01 00:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-01 00:33 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 00:33 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-29 22:03 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-29 22:03 . 2012-03-01 18:33 -------- d-----w- c:\programdata\AVAST Software
2012-02-29 21:43 . 2012-02-29 21:47 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys
2012-02-29 21:41 . 2012-02-29 21:41 70088 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2012-02-29 21:40 . 2008-02-22 17:54 19496 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-29 21:40 . 2008-02-22 17:54 126312 ----a-w- c:\windows\system32\GEARASpi64.dll
2012-02-29 21:40 . 2012-02-29 21:40 33736 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2012-02-29 21:40 . 2012-02-29 22:02 -------- d-----w- c:\programdata\G DATA
2012-02-29 21:40 . 2012-02-29 21:40 48584 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2012-02-29 21:40 . 2012-02-29 22:02 -------- d-----w- c:\program files (x86)\Common Files\G DATA
2012-02-29 21:39 . 2012-02-29 21:39 -------- d-----w- c:\users\Mirek\AppData\Local\Downloaded Installations
2012-02-29 13:22 . 2012-02-29 13:22 -------- d-----w- c:\users\Mirek\AppData\Local\ESET
2012-02-29 13:10 . 2012-03-01 00:30 -------- d-----w- c:\users\Mirek\AppData\Local\ElevatedDiagnostics
2012-02-27 20:50 . 2012-02-27 20:50 -------- d-----w- c:\program files\Recuva
2012-02-25 14:18 . 2012-02-25 15:22 -------- d-----w- c:\users\Mirek\AppData\Roaming\Hamachi
2012-02-25 14:17 . 2012-02-25 14:17 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-02-25 14:17 . 2012-02-25 14:27 -------- d-----w- c:\program files (x86)\Hamachi
2012-02-25 12:55 . 2012-02-25 12:55 -------- d-----w- c:\users\Mirek\AppData\Local\GameSpy
2012-02-25 12:54 . 2012-02-25 13:03 -------- d-----w- c:\users\Mirek\AppData\Local\ApplicationHistory
2012-02-23 23:27 . 2012-02-23 23:32 -------- d-----w- c:\users\Mirek\AppData\Roaming\foobar2000
2012-02-23 15:14 . 2005-06-01 11:15 966144 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2012-02-23 15:14 . 2005-06-01 11:11 877568 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2012-02-23 15:14 . 2004-03-08 23:00 609824 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
2012-02-23 15:14 . 2003-05-15 11:07 389120 ----a-w- c:\windows\SysWow64\actskn43.ocx
2012-02-23 15:14 . 2002-04-07 21:14 724992 ----a-w- c:\windows\SysWow64\ebCrypt.dll
2012-02-23 15:14 . 2000-01-28 12:58 102400 ----a-w- c:\windows\SysWow64\ccrpprg6.ocx
2012-02-22 22:49 . 2012-02-22 22:49 -------- d-----w- c:\users\Mirek\AppData\Roaming\Stealth Software
2012-02-22 21:54 . 2012-02-22 21:54 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-22 21:07 . 2012-02-22 21:07 -------- d-----w- c:\users\Mirek\AppData\Local\eMule
2012-02-22 21:07 . 2012-02-22 21:07 -------- d-----w- c:\programdata\eMule
2012-02-22 20:35 . 2012-02-22 20:35 -------- d-----w- c:\users\Mirek\AppData\Roaming\Malwarebytes
2012-02-22 20:35 . 2012-02-22 20:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-22 20:35 . 2012-02-22 20:35 -------- d-----w- c:\programdata\Malwarebytes
2012-02-22 20:35 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 16:22 . 2012-02-27 21:04 -------- d-----w- c:\program files\CCleaner
2012-02-17 13:34 . 2012-02-18 02:13 -------- d-----w- c:\users\Mirek\AppData\Roaming\Media Finder
2012-02-17 13:33 . 2012-02-17 13:33 237 ----a-w- C:\user.js
2012-02-16 20:38 . 2012-02-29 21:39 430 ----a-w- c:\users\Public\{17314228-173E-4057-AC9F-E653543A20C7}.pif
2012-02-16 17:03 . 2012-02-16 17:03 -------- d-----w- c:\users\Mirek\AppData\Local\Shareaza
2012-02-16 17:03 . 2012-02-23 12:30 -------- d-----w- c:\users\Mirek\AppData\Roaming\Shareaza
2012-02-16 14:49 . 2012-02-16 14:49 -------- d-----w- c:\users\Mirek\AppData\Local\EA Games
2012-02-16 14:41 . 2012-02-16 14:41 -------- d-----w- c:\program files (x86)\EA Games
2012-02-16 14:25 . 2012-02-16 14:25 -------- d--h--r- c:\users\Mirek\AppData\Roaming\SecuROM
2012-02-16 14:25 . 2012-02-16 14:25 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-02-16 14:24 . 2012-02-24 17:27 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-16 14:24 . 2012-02-24 17:27 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-16 14:24 . 2012-02-16 14:24 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-13 18:59 . 2012-02-14 21:09 -------- d-----w- c:\program files (x86)\Need for Speed The Run
2012-02-13 18:57 . 2012-02-13 18:57 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-13 18:56 . 2012-02-13 18:57 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-12 12:56 . 2012-02-12 12:58 -------- d-----w- c:\users\Mirek\AppData\Local\Rockstar Games
2012-02-12 12:49 . 2012-02-12 12:49 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-12 12:43 . 2012-02-12 12:43 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-02-12 12:22 . 2012-02-12 12:23 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-02-11 14:58 . 2012-02-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-02-11 14:57 . 2012-02-11 14:57 -------- d-----w- c:\program files (x86)\Futuremark
2012-02-11 14:02 . 2012-02-11 14:02 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-02-11 13:21 . 2012-02-11 13:21 -------- d-----w- c:\program files (x86)\Setup Files
2012-02-10 18:58 . 2012-02-10 19:13 -------- d-----w- c:\program files (x86)\BitLord
2012-02-10 17:39 . 2012-02-10 17:41 -------- d-----w- c:\program files (x86)\Mafia II
2012-02-10 17:35 . 2012-02-10 17:35 -------- d-----w- c:\users\Mirek\AppData\Roaming\TeamViewer
2012-02-10 17:03 . 2012-02-10 17:03 -------- d-----w- c:\programdata\Solidshield
2012-02-10 14:07 . 2012-02-10 14:07 -------- d-----w- c:\users\Mirek\AppData\Local\4A Games
2012-02-10 13:12 . 2012-02-10 13:19 -------- d-----w- c:\program files (x86)\METRO 2033
2012-02-09 23:41 . 2012-02-09 23:41 -------- d-----w- c:\users\Mirek\AppData\Local\2K Games
2012-02-09 23:33 . 2012-02-09 23:33 -------- d-----w- c:\program files (x86)\2K Games
2012-02-09 14:57 . 2012-02-09 15:38 -------- d-----w- c:\program files (x86)\RAR Password Unlocker
2012-02-09 14:35 . 2012-02-09 15:37 -------- d-----w- c:\program files (x86)\ElcomSoft
2012-02-08 19:36 . 2012-02-20 17:05 -------- d-----w- c:\program files (x86)\Battlefield 3
2012-02-07 23:29 . 2012-02-07 23:29 -------- d-----w- c:\users\Mirek\AppData\Local\FlatOut Ultimate Carnage
2012-02-07 23:23 . 2012-02-07 23:23 -------- d-----w- c:\windows\SysWow64\xlive
2012-02-07 23:22 . 2012-02-07 23:22 -------- d-----w- c:\program files (x86)\Empire Interactive
2012-02-07 15:15 . 2012-02-07 15:15 -------- d-----w- c:\windows\Sun
2012-02-07 10:44 . 2012-02-29 22:02 -------- d-----w- c:\windows\system32\appmgmt
2012-02-07 09:48 . 2012-02-07 09:48 -------- d-----w- c:\users\Mirek\AppData\Local\Nero
2012-02-07 09:43 . 2012-02-07 09:43 -------- d-----w- c:\users\Mirek\AppData\Roaming\Nero
2012-02-07 09:37 . 2012-02-07 10:01 -------- d-----w- c:\users\Mirek\AppData\Local\Ahead
2012-02-07 09:36 . 2012-02-07 09:36 -------- d-----w- c:\programdata\Nero
2012-02-07 09:36 . 2012-02-07 09:36 -------- d-----w- c:\program files (x86)\Nero
2012-02-07 09:36 . 2012-02-07 09:36 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-02-07 09:15 . 2012-02-07 09:15 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-06 17:43 . 2012-02-06 18:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-02-06 17:43 . 2012-02-06 17:48 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-02-06 17:36 . 2012-02-06 18:03 -------- d-----w- c:\program files (x86)\StarCraft II
2012-02-05 20:19 . 2012-02-05 20:19 -------- d-----w- c:\users\Mirek\AppData\Roaming\Day 1 Studios
2012-02-05 20:19 . 2012-02-05 20:19 -------- d-----w- c:\users\Mirek\AppData\Local\SKIDROW
2012-02-05 20:15 . 2012-02-05 20:15 -------- d-----w- c:\program files (x86)\F.E.A.R. 3
2012-02-05 20:08 . 2012-02-05 20:08 -------- d-----w- c:\programdata\EA Core
2012-02-04 23:51 . 2012-02-04 23:51 -------- d-----w- c:\program files (x86)\Ubisoft
2012-02-04 14:00 . 2012-02-04 14:00 -------- d-----w- c:\users\Mirek\AppData\Roaming\Canneverbe Limited
2012-02-04 14:00 . 2012-02-04 14:00 -------- d-----w- c:\programdata\Canneverbe Limited
2012-02-04 13:48 . 2009-02-02 16:50 36864 ------w- c:\windows\Algouinstall.exe
2012-02-04 13:48 . 2012-02-04 13:48 -------- d-----w- c:\program files (x86)\Algorithmix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 03:30 . 2012-01-29 03:30 2897 ----a-w- c:\windows\SysWow64\sdbackup.reg
2012-01-25 17:59 . 2012-01-22 08:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-24 16:57 . 2012-01-24 16:57 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-24 16:57 . 2012-01-24 16:57 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-22 09:00 . 2012-01-22 09:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-14 10:00 . 2012-01-14 10:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-14 10:00 . 2012-01-14 10:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-14 10:00 . 2012-01-14 10:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-14 10:00 . 2012-01-14 10:00 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-14 10:00 . 2012-01-14 10:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-14 10:00 . 2012-01-14 10:00 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-14 10:00 . 2012-01-14 10:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-14 10:00 . 2012-01-14 10:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-14 10:00 . 2012-01-14 10:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-14 10:00 . 2012-01-14 10:00 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-14 10:00 . 2012-01-14 10:00 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-14 10:00 . 2012-01-14 10:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-14 10:00 . 2012-01-14 10:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-14 10:00 . 2012-01-14 10:00 448512 ----a-w- c:\windows\system32\html.iec
2012-01-14 10:00 . 2012-01-14 10:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-14 10:00 . 2012-01-14 10:00 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-14 10:00 . 2012-01-14 10:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-14 10:00 . 2012-01-14 10:00 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-14 10:00 . 2012-01-14 10:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-14 10:00 . 2012-01-14 10:00 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-14 10:00 . 2012-01-14 10:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-14 10:00 . 2012-01-14 10:00 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-14 10:00 . 2012-01-14 10:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-14 10:00 . 2012-01-14 10:00 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-14 10:00 . 2012-01-14 10:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-14 10:00 . 2012-01-14 10:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-14 10:00 . 2012-01-14 10:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-14 10:00 . 2012-01-14 10:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-14 10:00 . 2012-01-14 10:00 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-14 10:00 . 2012-01-14 10:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-14 10:00 . 2012-01-14 10:00 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-14 10:00 . 2012-01-14 10:00 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-14 10:00 . 2012-01-14 10:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-14 10:00 . 2012-01-14 10:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-14 08:48 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-01-14 08:48 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-01-14 08:48 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-01-14 08:48 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-11-10 03:16 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-11-10 03:15 933888 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-11-10 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2011-11-10 02:51 7520768 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-11-10 02:40 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-12-06 02:33 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-11-10 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-11-10 02:18 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-11-10 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-11-10 02:11 42496 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-11-10 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-11-10 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-12-06 02:11 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-12-05 21:04 . 2011-12-05 21:04 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-12-05 21:04 . 2011-12-05 21:04 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-12-05 21:03 . 2011-12-05 21:03 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-12-05 21:03 . 2011-12-05 21:03 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-12-05 21:03 . 2011-12-05 21:03 17580544 ----a-w- c:\windows\system32\amdocl64.dll
2011-12-05 21:03 . 2011-12-05 21:03 14499328 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-14 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-03-01_17.13.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-01 17:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-04 12:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-01 17:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-04 12:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-01 17:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-04 12:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-03-04 12:47 31966 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-04 12:47 36128 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-14 08:50 . 2012-03-04 12:47 12912 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4142652493-215447543-3548880870-1000_UserData.bin
+ 2011-09-13 05:30 . 2011-09-13 05:30 37456 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-08-08 05:08 . 2011-08-08 05:08 46672 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-07-11 00:14 . 2011-07-11 00:14 29776 c:\windows\system32\drivers\AVGIDSFilter.sys
+ 2011-07-11 00:14 . 2011-07-11 00:14 26704 c:\windows\system32\drivers\AVGIDSEH.sys
- 2012-01-14 08:45 . 2012-02-27 21:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-14 08:45 . 2012-03-03 07:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-14 08:45 . 2012-03-03 07:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-14 08:45 . 2012-02-27 21:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-03 07:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-27 21:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-04 13:10 . 2012-03-04 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-04 13:10 . 2012-03-04 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-01 17:13 . 2012-03-01 17:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-03 06:55 . 2012-03-04 12:46 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-15 22:03 . 2012-03-03 20:38 246168 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-03-03 16:53 624578 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-01 12:47 624578 c:\windows\system32\perfh009.dat
- 2012-01-14 09:50 . 2012-03-01 12:47 639770 c:\windows\system32\perfh005.dat
+ 2012-01-14 09:50 . 2012-03-03 16:53 639770 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-03-01 12:47 110216 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-03 16:53 110216 c:\windows\system32\perfc009.dat
- 2012-01-14 09:50 . 2012-03-01 12:47 126668 c:\windows\system32\perfc005.dat
+ 2012-01-14 09:50 . 2012-03-03 16:53 126668 c:\windows\system32\perfc005.dat
+ 2011-07-11 00:14 . 2011-07-11 00:14 375376 c:\windows\system32\drivers\avgtdia.sys
+ 2011-10-07 05:23 . 2011-10-07 05:23 283728 c:\windows\system32\drivers\avgldx64.sys
+ 2011-07-11 00:14 . 2011-07-11 00:14 120400 c:\windows\system32\drivers\AVGIDSDriver.sys
- 2009-07-14 05:01 . 2012-03-01 17:12 246912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-04 13:10 246912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 1008128 c:\windows\system32\user32.dll
+ 2012-03-01 19:11 . 2012-03-01 19:11 7629312 c:\windows\Installer\729729.msi
+ 2012-03-01 19:17 . 2012-03-01 19:17 2833408 c:\windows\Installer\729725.msi
+ 2012-01-15 18:35 . 2012-03-04 13:10 31655768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4142652493-215447543-3548880870-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-01 19:18 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-03-01 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTC Home"="c:\users\Mirek\AppData\Roaming\Stealth Software\HTC Home\HTCHome (x64).exe" [2012-03-02 265216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-01 939872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Mirek\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-09 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-21 14136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\x1yvrhx2.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bbba96a77-00b4-4f5a-86ae-04b5a8e6fdb3%7D&mid=fcd70d4671bd47d1a1e7bd2b2b24661a-9ff1b6bdc2b4742b42ba36bd81a0deb473b8eeb1&ds=AVG&v=10.0.0.7&lang=cs&pr=fr&d=2012-03-01%2020%3A19%3A02&sap=ku&q=
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4142652493-215447543-3548880870-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
.
**************************************************************************
.
Celkový čas: 2012-03-04 14:14:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-04 13:14
.
Před spuštěním: Volných bajtů: 592 840 331 264
Po spuštění: Volných bajtů: 592 600 088 576
.
- - End Of File - - 5454B61D44C950C20E17CF7528E0FC82

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 04 Mar 2012 16:26
by motji
One more script

Code:

Restore::
c:\windows\SysWOW64\user32.dll

Re: How to get rid of Downloader.Agent.2 and TR/Crypt.XPACK.Gen

Posted: 04 Mar 2012 16:51
by Mira
ComboFix 12-03-04.01 - Mirek 04.03.2012 23:16:26.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4095.2764 [GMT 1:00]
Spuštěný z: c:\users\Mirek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mirek\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmpA17C.tmp
c:\windows\SysWow64\tmpA18D.tmp
.
Nakažená kopie c:\windows\SysWOW64\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-04 do 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 22:19 . 2012-03-04 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 13:47 . 2012-03-04 13:47 -------- d-sh--w- c:\programdata\DSS
2012-03-04 13:47 . 2012-03-04 13:47 -------- d-----w- c:\programdata\Codemasters
2012-03-04 13:43 . 2011-03-19 14:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-03-04 13:43 . 2010-09-22 12:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2012-03-04 13:43 . 2012-03-04 13:43 -------- d-----w- c:\program files (x86)\BRS
2012-03-04 13:43 . 2012-03-04 13:43 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-04 13:43 . 2012-03-04 13:43 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-04 13:43 . 2012-03-04 13:43 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-04 13:43 . 2012-03-04 13:43 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-04 13:43 . 2012-03-04 13:43 -------- d-----w- c:\program files (x86)\OpenAL
2012-03-04 13:33 . 2012-03-04 13:33 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-03 07:12 . 2012-03-03 08:37 -------- d-----w- c:\users\Mirek\AppData\Roaming\Youtube Downloader HD
2012-03-03 07:12 . 2012-03-03 07:12 -------- d-----w- c:\program files (x86)\Youtube Downloader HD
2012-03-03 07:00 . 2012-03-03 07:11 -------- d-----w- c:\users\Mirek\AppData\Roaming\vso
2012-03-02 14:33 . 2012-03-02 14:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-02 14:33 . 2012-03-02 14:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-01 20:26 . 2012-03-01 20:26 -------- d-----w- C:\$AVG
2012-03-01 19:53 . 2012-03-01 19:53 -------- d-----w- c:\users\Mirek\AppData\Roaming\AVG2012
2012-03-01 19:19 . 2012-03-01 19:19 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-01 19:18 . 2012-03-03 06:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-01 19:18 . 2012-03-01 19:19 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-01 19:18 . 2012-03-01 19:18 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-01 19:18 . 2012-03-04 12:51 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-01 19:18 . 2012-03-01 20:06 -------- d-----w- c:\programdata\AVG2012
2012-03-01 18:50 . 2012-03-01 18:51 -------- d-----w- c:\users\Mirek\AppData\Roaming\TrueCrypt
2012-03-01 18:50 . 2012-03-01 18:50 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-03-01 18:50 . 2012-03-01 18:54 -------- d-----w- c:\program files\TrueCrypt
2012-03-01 17:04 . 2012-03-01 17:04 -------- d-----w- C:\rsit
2012-03-01 17:04 . 2012-03-01 17:04 -------- d-----w- c:\program files\trend micro
2012-03-01 00:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-01 00:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-01 00:33 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 00:33 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-29 22:03 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-29 22:03 . 2012-03-01 18:33 -------- d-----w- c:\programdata\AVAST Software
2012-02-29 21:43 . 2012-02-29 21:47 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys
2012-02-29 21:41 . 2012-02-29 21:41 70088 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2012-02-29 21:40 . 2008-02-22 17:54 19496 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-29 21:40 . 2008-02-22 17:54 126312 ----a-w- c:\windows\system32\GEARASpi64.dll
2012-02-29 21:40 . 2012-02-29 21:40 33736 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2012-02-29 21:40 . 2012-02-29 22:02 -------- d-----w- c:\programdata\G DATA
2012-02-29 21:40 . 2012-02-29 21:40 48584 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2012-02-29 21:40 . 2012-02-29 22:02 -------- d-----w- c:\program files (x86)\Common Files\G DATA
2012-02-29 21:39 . 2012-02-29 21:39 -------- d-----w- c:\users\Mirek\AppData\Local\Downloaded Installations
2012-02-29 13:22 . 2012-02-29 13:22 -------- d-----w- c:\users\Mirek\AppData\Local\ESET
2012-02-29 13:10 . 2012-03-01 00:30 -------- d-----w- c:\users\Mirek\AppData\Local\ElevatedDiagnostics
2012-02-27 20:50 . 2012-02-27 20:50 -------- d-----w- c:\program files\Recuva
2012-02-25 14:18 . 2012-02-25 15:22 -------- d-----w- c:\users\Mirek\AppData\Roaming\Hamachi
2012-02-25 14:17 . 2012-02-25 14:17 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-02-25 14:17 . 2012-02-25 14:27 -------- d-----w- c:\program files (x86)\Hamachi
2012-02-25 12:55 . 2012-02-25 12:55 -------- d-----w- c:\users\Mirek\AppData\Local\GameSpy
2012-02-25 12:54 . 2012-02-25 13:03 -------- d-----w- c:\users\Mirek\AppData\Local\ApplicationHistory
2012-02-23 23:27 . 2012-02-23 23:32 -------- d-----w- c:\users\Mirek\AppData\Roaming\foobar2000
2012-02-23 15:14 . 2005-06-01 11:15 966144 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2012-02-23 15:14 . 2005-06-01 11:11 877568 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2012-02-23 15:14 . 2004-03-08 23:00 609824 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
2012-02-23 15:14 . 2003-05-15 11:07 389120 ----a-w- c:\windows\SysWow64\actskn43.ocx
2012-02-23 15:14 . 2002-04-07 21:14 724992 ----a-w- c:\windows\SysWow64\ebCrypt.dll
2012-02-23 15:14 . 2000-01-28 12:58 102400 ----a-w- c:\windows\SysWow64\ccrpprg6.ocx
2012-02-22 22:49 . 2012-02-22 22:49 -------- d-----w- c:\users\Mirek\AppData\Roaming\Stealth Software
2012-02-22 21:54 . 2012-02-22 21:54 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-22 21:07 . 2012-02-22 21:07 -------- d-----w- c:\users\Mirek\AppData\Local\eMule
2012-02-22 21:07 . 2012-02-22 21:07 -------- d-----w- c:\programdata\eMule
2012-02-22 20:35 . 2012-02-22 20:35 -------- d-----w- c:\users\Mirek\AppData\Roaming\Malwarebytes
2012-02-22 20:35 . 2012-02-22 20:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-22 20:35 . 2012-02-22 20:35 -------- d-----w- c:\programdata\Malwarebytes
2012-02-22 20:35 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 16:22 . 2012-02-27 21:04 -------- d-----w- c:\program files\CCleaner
2012-02-17 13:34 . 2012-02-18 02:13 -------- d-----w- c:\users\Mirek\AppData\Roaming\Media Finder
2012-02-17 13:33 . 2012-02-17 13:33 237 ----a-w- C:\user.js
2012-02-16 20:38 . 2012-02-29 21:39 430 ----a-w- c:\users\Public\{17314228-173E-4057-AC9F-E653543A20C7}.pif
2012-02-16 17:03 . 2012-02-16 17:03 -------- d-----w- c:\users\Mirek\AppData\Local\Shareaza
2012-02-16 17:03 . 2012-02-23 12:30 -------- d-----w- c:\users\Mirek\AppData\Roaming\Shareaza
2012-02-16 14:49 . 2012-02-16 14:49 -------- d-----w- c:\users\Mirek\AppData\Local\EA Games
2012-02-16 14:41 . 2012-02-16 14:41 -------- d-----w- c:\program files (x86)\EA Games
2012-02-16 14:25 . 2012-02-16 14:25 -------- d--h--r- c:\users\Mirek\AppData\Roaming\SecuROM
2012-02-16 14:25 . 2012-02-16 14:25 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-02-16 14:24 . 2012-02-24 17:27 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-16 14:24 . 2012-02-24 17:27 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-16 14:24 . 2012-02-16 14:24 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-13 18:59 . 2012-02-14 21:09 -------- d-----w- c:\program files (x86)\Need for Speed The Run
2012-02-13 18:57 . 2012-02-13 18:57 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-13 18:56 . 2012-02-13 18:57 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-12 12:56 . 2012-02-12 12:58 -------- d-----w- c:\users\Mirek\AppData\Local\Rockstar Games
2012-02-12 12:49 . 2012-02-12 12:49 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-12 12:43 . 2012-03-04 13:47 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-02-12 12:22 . 2012-02-12 12:23 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-02-11 14:58 . 2012-02-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-02-11 14:57 . 2012-02-11 14:57 -------- d-----w- c:\program files (x86)\Futuremark
2012-02-11 14:02 . 2012-02-11 14:02 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-02-11 13:21 . 2012-02-11 13:21 -------- d-----w- c:\program files (x86)\Setup Files
2012-02-10 18:58 . 2012-02-10 19:13 -------- d-----w- c:\program files (x86)\BitLord
2012-02-10 17:39 . 2012-02-10 17:41 -------- d-----w- c:\program files (x86)\Mafia II
2012-02-10 17:35 . 2012-02-10 17:35 -------- d-----w- c:\users\Mirek\AppData\Roaming\TeamViewer
2012-02-10 17:03 . 2012-02-10 17:03 -------- d-----w- c:\programdata\Solidshield
2012-02-10 14:07 . 2012-02-10 14:07 -------- d-----w- c:\users\Mirek\AppData\Local\4A Games
2012-02-10 13:12 . 2012-02-10 13:19 -------- d-----w- c:\program files (x86)\METRO 2033
2012-02-09 23:41 . 2012-02-09 23:41 -------- d-----w- c:\users\Mirek\AppData\Local\2K Games
2012-02-09 23:33 . 2012-02-09 23:33 -------- d-----w- c:\program files (x86)\2K Games
2012-02-09 14:57 . 2012-02-09 15:38 -------- d-----w- c:\program files (x86)\RAR Password Unlocker
2012-02-09 14:35 . 2012-02-09 15:37 -------- d-----w- c:\program files (x86)\ElcomSoft
2012-02-08 19:36 . 2012-02-20 17:05 -------- d-----w- c:\program files (x86)\Battlefield 3
2012-02-07 23:29 . 2012-02-07 23:29 -------- d-----w- c:\users\Mirek\AppData\Local\FlatOut Ultimate Carnage
2012-02-07 23:23 . 2012-02-07 23:23 -------- d-----w- c:\windows\SysWow64\xlive
2012-02-07 23:22 . 2012-02-07 23:22 -------- d-----w- c:\program files (x86)\Empire Interactive
2012-02-07 15:15 . 2012-02-07 15:15 -------- d-----w- c:\windows\Sun
2012-02-07 10:44 . 2012-02-29 22:02 -------- d-----w- c:\windows\system32\appmgmt
2012-02-07 09:48 . 2012-02-07 09:48 -------- d-----w- c:\users\Mirek\AppData\Local\Nero
2012-02-07 09:43 . 2012-02-07 09:43 -------- d-----w- c:\users\Mirek\AppData\Roaming\Nero
2012-02-07 09:37 . 2012-02-07 10:01 -------- d-----w- c:\users\Mirek\AppData\Local\Ahead
2012-02-07 09:36 . 2012-02-07 09:36 -------- d-----w- c:\programdata\Nero
2012-02-07 09:36 . 2012-02-07 09:36 -------- d-----w- c:\program files (x86)\Nero
2012-02-07 09:36 . 2012-02-07 09:36 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-02-07 09:15 . 2012-02-07 09:15 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-06 17:43 . 2012-02-06 18:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-02-06 17:43 . 2012-02-06 17:48 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-02-06 17:36 . 2012-02-06 18:03 -------- d-----w- c:\program files (x86)\StarCraft II
2012-02-05 20:19 . 2012-02-05 20:19 -------- d-----w- c:\users\Mirek\AppData\Roaming\Day 1 Studios
2012-02-05 20:19 . 2012-02-05 20:19 -------- d-----w- c:\users\Mirek\AppData\Local\SKIDROW
2012-02-05 20:15 . 2012-02-05 20:15 -------- d-----w- c:\program files (x86)\F.E.A.R. 3
2012-02-05 20:08 . 2012-02-05 20:08 -------- d-----w- c:\programdata\EA Core
2012-02-04 23:51 . 2012-02-04 23:51 -------- d-----w- c:\program files (x86)\Ubisoft
2012-02-04 14:00 . 2012-02-04 14:00 -------- d-----w- c:\users\Mirek\AppData\Roaming\Canneverbe Limited
2012-02-04 14:00 . 2012-02-04 14:00 -------- d-----w- c:\programdata\Canneverbe Limited
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 16:23 . 2012-01-22 08:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 03:30 . 2012-01-29 03:30 2897 ----a-w- c:\windows\SysWow64\sdbackup.reg
2012-01-24 16:57 . 2012-01-24 16:57 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-24 16:57 . 2012-01-24 16:57 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-22 09:00 . 2012-01-22 09:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-14 10:00 . 2012-01-14 10:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-14 10:00 . 2012-01-14 10:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-14 10:00 . 2012-01-14 10:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-14 10:00 . 2012-01-14 10:00 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-14 10:00 . 2012-01-14 10:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-14 10:00 . 2012-01-14 10:00 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-14 10:00 . 2012-01-14 10:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-14 10:00 . 2012-01-14 10:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-14 10:00 . 2012-01-14 10:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-14 10:00 . 2012-01-14 10:00 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-14 10:00 . 2012-01-14 10:00 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-14 10:00 . 2012-01-14 10:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-14 10:00 . 2012-01-14 10:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-14 10:00 . 2012-01-14 10:00 448512 ----a-w- c:\windows\system32\html.iec
2012-01-14 10:00 . 2012-01-14 10:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-14 10:00 . 2012-01-14 10:00 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-14 10:00 . 2012-01-14 10:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-14 10:00 . 2012-01-14 10:00 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-14 10:00 . 2012-01-14 10:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-14 10:00 . 2012-01-14 10:00 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-14 10:00 . 2012-01-14 10:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-14 10:00 . 2012-01-14 10:00 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-14 10:00 . 2012-01-14 10:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-14 10:00 . 2012-01-14 10:00 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-14 10:00 . 2012-01-14 10:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-14 10:00 . 2012-01-14 10:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-14 10:00 . 2012-01-14 10:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-14 10:00 . 2012-01-14 10:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-14 10:00 . 2012-01-14 10:00 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-14 10:00 . 2012-01-14 10:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-14 10:00 . 2012-01-14 10:00 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-14 10:00 . 2012-01-14 10:00 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-14 10:00 . 2012-01-14 10:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-14 10:00 . 2012-01-14 10:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-14 08:48 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-01-14 08:48 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-01-14 08:48 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-11-10 03:16 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-11-10 03:15 933888 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-11-10 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2011-11-10 02:51 7520768 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-11-10 02:40 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-12-06 02:33 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-11-10 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-11-10 02:18 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-11-10 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-11-10 02:11 42496 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-11-10 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-11-10 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-12-06 02:11 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-01_17.13.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-27 13:45 . 2010-04-27 13:45 72856 c:\windows\SysWOW64\xliveinstallhost.exe
- 2009-07-14 04:54 . 2012-03-01 17:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-04 12:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-01 17:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-04 12:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-04 12:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-01 17:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-03-04 22:02 32848 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-04 22:02 36304 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-14 08:50 . 2012-03-04 22:02 13070 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4142652493-215447543-3548880870-1000_UserData.bin
+ 2011-09-13 05:30 . 2011-09-13 05:30 37456 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-08-08 05:08 . 2011-08-08 05:08 46672 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-07-11 00:14 . 2011-07-11 00:14 29776 c:\windows\system32\drivers\AVGIDSFilter.sys
+ 2011-07-11 00:14 . 2011-07-11 00:14 26704 c:\windows\system32\drivers\AVGIDSEH.sys
- 2012-01-14 08:45 . 2012-02-27 21:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-14 08:45 . 2012-03-03 07:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-14 08:45 . 2012-02-27 21:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-14 08:45 . 2012-03-03 07:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-27 21:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-03 07:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-04 13:47 . 2012-03-04 13:47 76926 c:\windows\Installer\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}\GameForWindowsLiveDash.exe
+ 2012-03-04 22:20 . 2012-03-04 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-01 17:13 . 2012-03-01 17:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-27 13:45 . 2010-04-27 13:45 187544 c:\windows\SysWOW64\xliveinstall.dll
- 2010-11-21 03:24 . 2012-01-14 08:48 833024 c:\windows\SysWOW64\user32.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 833024 c:\windows\SysWOW64\user32.dll
+ 2012-03-04 16:23 . 2012-03-04 16:23 250016 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe
+ 2009-08-18 10:29 . 2009-08-18 10:29 195456 c:\windows\SysWOW64\LIVESSP.DLL
+ 2012-03-03 06:55 . 2012-03-04 12:46 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-15 22:03 . 2012-03-03 20:38 246168 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-03-04 13:32 624578 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-01 12:47 624578 c:\windows\system32\perfh009.dat
- 2012-01-14 09:50 . 2012-03-01 12:47 639770 c:\windows\system32\perfh005.dat
+ 2012-01-14 09:50 . 2012-03-04 13:32 639770 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-03-04 13:32 110216 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-01 12:47 110216 c:\windows\system32\perfc009.dat
+ 2012-01-14 09:50 . 2012-03-04 13:32 126668 c:\windows\system32\perfc005.dat
- 2012-01-14 09:50 . 2012-03-01 12:47 126668 c:\windows\system32\perfc005.dat
+ 2012-02-26 21:09 . 2012-03-04 16:23 465056 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
- 2012-02-26 21:09 . 2012-02-26 21:09 465056 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
+ 2009-08-18 11:48 . 2009-08-18 11:48 243056 c:\windows\system32\LIVESSP.DLL
+ 2011-07-11 00:14 . 2011-07-11 00:14 375376 c:\windows\system32\drivers\avgtdia.sys
+ 2011-10-07 05:23 . 2011-10-07 05:23 283728 c:\windows\system32\drivers\avgldx64.sys
+ 2011-07-11 00:14 . 2011-07-11 00:14 120400 c:\windows\system32\drivers\AVGIDSDriver.sys
+ 2009-07-14 05:01 . 2012-03-04 22:20 246912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-01 17:12 246912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-25 17:59 . 2012-01-25 17:59 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2012-01-25 17:59 . 2012-03-04 16:23 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 1008128 c:\windows\system32\user32.dll
+ 2012-03-01 19:11 . 2012-03-01 19:11 7629312 c:\windows\Installer\729729.msi
+ 2012-03-01 19:17 . 2012-03-01 19:17 2833408 c:\windows\Installer\729725.msi
+ 2012-03-04 13:46 . 2012-03-04 13:46 3371008 c:\windows\Installer\14030f.msi
+ 2012-03-04 13:47 . 2012-03-04 13:47 6575616 c:\windows\Installer\14030a.msi
+ 2011-04-21 00:53 . 2011-04-21 00:53 6000640 c:\windows\Installer\140300.msi
+ 2011-09-28 16:45 . 2011-09-28 16:45 13642888 c:\windows\SysWOW64\xlivefnt.dll
+ 2011-09-28 16:45 . 2011-09-28 16:45 15453832 c:\windows\SysWOW64\xlive.dll
+ 2012-02-26 21:09 . 2012-03-04 16:23 11350688 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
- 2012-02-26 21:09 . 2012-02-26 21:09 11350688 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
+ 2012-01-15 18:35 . 2012-03-04 22:20 31696660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4142652493-215447543-3548880870-1000-12288.dat
+ 2012-03-04 13:46 . 2012-03-04 13:46 21598208 c:\windows\Installer\14031a.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-01 19:18 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-03-01 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTC Home"="c:\users\Mirek\AppData\Roaming\Stealth Software\HTC Home\HTCHome (x64).exe" [2012-03-02 265216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-01 939872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 cpuz130;cpuz130;c:\users\Mirek\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-09 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-21 14136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\x1yvrhx2.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bbba96a77-00b4-4f5a-86ae-04b5a8e6fdb3%7D&mid=fcd70d4671bd47d1a1e7bd2b2b24661a-9ff1b6bdc2b4742b42ba36bd81a0deb473b8eeb1&ds=AVG&v=10.0.0.7&lang=cs&pr=fr&d=2012-03-01%2020%3A19%3A02&sap=ku&q=
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4142652493-215447543-3548880870-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
.
**************************************************************************
.
Celkový čas: 2012-03-04 23:24:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-04 22:24
ComboFix2.txt 2012-03-04 13:14
.
Před spuštěním: Volných bajtů: 576 563 875 840
Po spuštění: Volných bajtů: 576 263 442 432
.
- - End Of File - - 86D80919745BB1784752AF53573C58F1